CyberSecurity news
@sec.cloudapps.cisco.com
Cisco has issued critical patches for a severe vulnerability, CVE-2025-20188, affecting its IOS XE Wireless Controller software. This flaw, which received a maximum severity score of 10.0 on the CVSS scale, could allow an unauthenticated remote attacker to gain root-level access to affected systems. The root cause of the vulnerability lies in a hard-coded JSON Web Token (JWT) embedded within the IOS XE Wireless Controller, making it possible for attackers to upload arbitrary files and execute commands with the highest privileges. This vulnerability poses a significant risk to organizations using Cisco Catalyst 9800 wireless controllers and related products.
The vulnerability, detailed in Cisco security advisory cisco-sa-wlc-file-uplpd-rHZG9UfC, can be exploited by sending specially crafted HTTPS requests to the Access Point (AP) image download interface. A successful exploit could enable attackers to perform path traversal and execute arbitrary commands with root privileges. For the exploit to work, the Out-of-Band AP Image Download feature must be enabled on the device, which is disabled by default. Affected products include Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controllers on Catalyst APs.
Cisco has released free software updates to address this vulnerability, urging customers with affected products to update to the latest versions immediately. As a temporary mitigation, administrators can disable the Out-of-Band AP Image Download feature until the upgrade is complete. Disabling this feature forces AP image downloads to use the CAPWAP method, which does not impact the AP client state. Cisco credits X.B. of the Cisco Advanced Security Initiatives Group (ASIG) for discovering and reporting the vulnerability during internal security testing. At present, there is no evidence that this vulnerability is being exploited in the wild.
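The root cause described above is a credential baked into the software image. The following is an added example, not code from Cisco or from the advisory: a small Python scanner a defender can run over their own source trees, configuration exports or `strings` output from firmware to find hard-coded JWTs before they ship. It matches the three-segment base64url shape of a JWT, decodes the header and payload without verifying the signature, and flags tokens that carry `alg: none` or no `exp` claim, since a static token with no expiry is effectively a permanent password. The sample configuration lines and every token in them are constructed for the example; none of these values come from the affected product.

```python
"""Find hard-coded JSON Web Tokens in text such as source, config exports or
`strings` output. Added example; not Cisco code and not from the advisory.
The signature is never verified here: the point is to find static tokens that
should not be in the artifact at all, and to show what claims they carry."""
import base64
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A JWT is header.payload.signature, each base64url-encoded. A JSON header
# starts with '{"', which base64-encodes to "eyJ", so anchoring on that prefix
# keeps random base64 blobs from matching.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _b64url_decode(segment: str) -> bytes:
    """JWTs use base64url without padding; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _decode_json_segment(segment: str) -> Optional[dict]:
    """Return the JSON object a segment encodes, or None if it is not one."""
    try:
        value = json.loads(_b64url_decode(segment))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        return None
    return value if isinstance(value, dict) else None


@dataclass
class Finding:
    line_no: int
    token: str
    header: dict
    payload: dict
    issues: List[str] = field(default_factory=list)


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per token whose header and payload both decode to JSON."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            token = match.group(0)
            head, body, _signature = token.split(".")
            header, payload = _decode_json_segment(head), _decode_json_segment(body)
            if header is None or payload is None:
                continue  # matched the shape but is not a JWT
            issues = []
            if str(header.get("alg", "")).lower() == "none":
                issues.append("alg=none: token is accepted without any signature check")
            if "exp" not in payload:
                issues.append("no exp claim: token never expires, so it never rotates")
            findings.append(Finding(line_no, token, header, payload, issues))
    return findings


def make_token(header: dict, payload: dict, signature: bytes = b"") -> str:
    """Assemble a JWT from its parts. Used only to build constructed test data;
    the signature bytes are arbitrary and are not computed over the content."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    return f"{enc(compact(header))}.{enc(compact(payload))}.{enc(signature)}"


# Constructed sample input. None of these values come from Cisco or the advisory.
_TOKEN_ADMIN = make_token({"alg": "HS256", "typ": "JWT"},
                          {"sub": "image-service", "role": "admin"},
                          signature=bytes(32))
_TOKEN_NONE = make_token({"alg": "none"}, {"sub": "debug", "exp": 1700000000})
_NOT_A_JWT = base64.urlsafe_b64encode(b'{"not json').rstrip(b"=").decode() + ".abc.def"
SAMPLE_INPUT = "\n".join([
    "# image-download.conf (constructed sample, not a Cisco file)",
    f'UPLOAD_TOKEN="{_TOKEN_ADMIN}"',
    "listen_port = 8443",
    f'debug_token = "{_TOKEN_NONE}"',
    f"checksum = {_NOT_A_JWT}",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_INPUT):
        print(f"line {f.line_no}: alg={f.header.get('alg')} claims={sorted(f.payload)}")
        for issue in f.issues:
            print(f"    - {issue}")
```

Run against the constructed input, the scanner reports the two real tokens (lines 2 and 4) and skips the base64 blob on line 5 whose segments are not JSON. A finding is a finding regardless of its issues list: any token that survives in a shipped artifact should be treated as a credential to rotate and move into a secret store, and the checks on `alg` and `exp` only say how bad the exposure is.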
References:
- securityonline.info: Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access
- The Hacker News: Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
- Rescana: Critical Vulnerability Analysis in Cisco IOS XE for WLCs: CVE-2025-20188 Report
- Anonymous: New Cisco flaw scores a perfect 10.0 CVSS. A hardcoded token. Root access. No login needed. If you run Catalyst 9800 wireless controllers, you'll want to check this fast.
- Security Affairs: Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files.
- thecyberexpress.com: CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw
Classification:
- HashTags: #Cisco #vulnerability #security
- Company: Cisco
- Target: Cisco IOS XE Wireless Controller
- Product: IOS XE Wireless Controller
- Feature: root access
- Malware: CVE-2025-20188
- Type: Vulnerability
- Severity: Critical