CyberSecurity news
@sec.cloudapps.cisco.com
Cisco has issued a critical security advisory to address CVE-2025-20188, a severe vulnerability affecting its IOS XE Wireless LAN Controllers (WLCs). This flaw, which has been assigned a CVSS score of 10.0, allows an unauthenticated, remote attacker to upload arbitrary files to a vulnerable system. The root cause of this vulnerability lies in a hard-coded JSON Web Token (JWT) present within the affected system, enabling attackers to potentially gain root privileges. The vulnerability impacts several products, including Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controllers on Catalyst APs.
Exploitation requires the Out-of-Band AP Image Download feature, which is disabled by default, to be enabled. An attacker can exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could enable the attacker to perform path traversal and execute arbitrary commands with root privileges, leading to a complete compromise of the affected system. Cisco advises administrators to check whether the Out-of-Band AP Image Download feature is enabled by using the `show running-config | include ap upgrade` command. If the command returns `ap upgrade method https`, the feature is enabled and the device is vulnerable.
Currently, there are no direct workarounds available to address this vulnerability. However, as a mitigation measure, administrators can disable the Out-of-Band AP Image Download feature; AP image downloads will then use the CAPWAP method instead. Cisco strongly recommends applying this mitigation until an upgrade to a fixed software release can be performed. Cisco has released free software updates to address this vulnerability and advises customers with service contracts to obtain the fixes through their usual update channels and to upgrade to the fixed release as soon as possible. As of now, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of this vulnerability.
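A defender-side check of the indicator described above, run over constructed sample CLI output from several controllers. This is an added example, not code from Cisco's advisory or from the page; the hostnames, the sample outputs, and the handling of a `no ap upgrade method https` line as "disabled" are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample outputs of `show running-config | include ap upgrade`,
# one per controller (hostnames and contents are made up for this example).
SAMPLE_OUTPUTS: Dict[str, str] = {
    "wlc-9800-dc1": "ap upgrade method https\n",
    "wlc-9800-dc2": "",  # feature not enabled: the filtered command prints nothing
    "wlc-9800-lab": "no ap upgrade method https\n",  # assumed negated form, treated as disabled
}

# Exact token match for the line the advisory names; a leading "no " is read as disabled.
_AP_HTTPS = re.compile(r"^(?P<neg>no\s+)?ap\s+upgrade\s+method\s+https\s*$", re.IGNORECASE)


def oob_https_enabled(cli_output: str) -> bool:
    """Return True if the Out-of-Band AP Image Download (HTTPS) feature is enabled,
    judged from the output of `show running-config | include ap upgrade`."""
    for raw in cli_output.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and IOS comment lines
            continue
        m = _AP_HTTPS.match(line)
        if m:
            return m.group("neg") is None
    return False


def audit_fleet(outputs: Dict[str, str]) -> List[str]:
    """Return, sorted, the hostnames whose config shows the vulnerable feature enabled."""
    return sorted(host for host, out in outputs.items() if oob_https_enabled(out))


if __name__ == "__main__":
    for host in audit_fleet(SAMPLE_OUTPUTS):
        print(f"{host}: 'ap upgrade method https' present -> exposed to CVE-2025-20188; "
              "disable the feature (AP images fall back to CAPWAP) and upgrade")
```

Feed `audit_fleet` the real per-device output collected by your configuration management tooling; anything it returns needs the mitigation and the fixed release.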
Classification:
- HashTags: #Cisco #IOSXE #RemoteCodeExecution
- Company: Cisco
- Target: Cisco IOS XE Wireless Controller
- Product: IOS XE
- Feature: File Upload
- Type: Vulnerability
- Severity: Critical