Exploit for Injection in Cisco Identity_Services_Engine CVE-2025-20281

Name: Exploit for Injection in Cisco Identity_Services_Engine CVE-2025-20281
Rating: 5 (10 reviews)

2025-06-27 | CVSS 9.8

## https://sploitus.com/exploit?id=020AA626-994E-5240-A5CB-835A6F3AB431
# CVE-2025-20281-2-Citrix-ISE-RCE
Unauthenticated Python PoC for CVE-2025-20281 RCE against Cisco ISE ERS API

# CVE-2025-20281 Unauthenticated PoC

A minimal Python proof-of-concept that exploits the unauthenticated RCE in Cisco ISE’s ERS API (CVE-2025-20281) by injecting arbitrary shell commands into the `InternalUser` resource.  

> **Warning:** Only run against systems you own or have explicit permission to test. Misuse of this tool is illegal.

## Features

- No authentication required  
- Supports two modes:
  - `--whoami` to run `whoami` on the target and display the HTTP response  
  - `--reverse` to spawn a bash reverse shell back to your listener

This script is based on the version loaded here :contentReference[oaicite:2]{index=2}.

## Prerequisites

- Python 3.6+  
- Install dependencies:
  ```bash
  pip install requests urllib3