1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Cisco Identity Services Engine Injection Vulnerability

Known Exploited Vulnerabilities CVE-2025-20281

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability exploitation_technique T1106 Native API
Comments
This vulnerability, present in the API in Cisco ISE and Cisco ISE-PIC, allows for an attacker to use maliciously crafted API requests to a vulnerable device. If exploited, the attacker can gain the ability to execute arbitrary code at the root level.
References
  1. https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ise-unauth-rce-ZAd2GnJ6.html
CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability, present in the API in Cisco ISE and Cisco ISE-PIC, allows for an attacker to use maliciously crafted API requests to a vulnerable device. If exploited, the attacker can gain the ability to execute arbitrary code at the root level.
References
  1. https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ise-unauth-rce-ZAd2GnJ6.html