## https://sploitus.com/exploit?id=D1C4D18A-C456-551A-B35E-696E80C93463
# CVE-2025-20281 - Cisco ISE RCE Vulnerability Checker
This script checks for the presence of the **CVE-2025-20281** vulnerability in Cisco Identity Services Engine (ISE) and ISE-PIC, which allows **unauthenticated remote code execution (RCE)** as root due to insufficient input validation in a specific API.
**This tool is intended for authorized security testing and educational purposes only. Do not use it against systems you do not own or have permission to test.**
## About the Vulnerability
**CVE-2025-20281** allows an **unauthenticated, remote attacker** to execute arbitrary commands as root on the underlying OS by submitting a specially crafted API request. The flaw is due to **improper validation of user-supplied input**.
- **Attack Vector:** Remote
- **Privileges Required:** None
- **Impact:** Remote Code Execution (root)
- **Affected Products:** Cisco ISE, Cisco ISE-PIC (specific versions)
## Features
- Sends a crafted payload to simulate code execution attempts
- Detects possible signs of vulnerability
- Simple command-line usage
- No authentication required
## Requirements
- Python 3.x
- `requests` library
Install via:
```bash
pip install requests
```
## Usage
```bash
python check_cve_2025_20281.py https://<TARGET-IP-OR-DOMAIN>
```
### Example:
```bash
python check_cve_2025_20281.py https://192.168.1.100
```
## Interpreting Results
- `[!!!] POSIBLE VULNERABILIDAD DETECTADA` โ Exploit attempt likely succeeded or triggered a revealing response.
- `[*] Server responded with error` โ Possible indicator of payload processing.
- `[-] No abnormal behavior detected` โ Target may not be vulnerable or is patched.
## File Structure
```
.
โโโ check_cve_2025_20281.py
โโโ README.md
โโโ requirements.txt
โโโ .gitignore
```
## Disclaimer
This script is provided **as-is** for **research and professional pentesting**. The authors are not responsible for any misuse or damages caused by this tool.
## ๐ References
- [Cisco Security Advisory for CVE-2025-20281](https://tools.cisco.com/security/center/)
- [MITRE CVE Record](https://vulners.com/cve/CVE-2025-20281)
## ๐จโ๐ป Author
**Grupo Oruss** โ โ Joy Bassett (@Division81),
[https://www.grupooruss.com](https://www.grupooruss.com)