Remote File Upload Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers
CVE-2025-20188
Key Information:
- Vendor: Cisco
- CVE Published: 7 May 2025
What is CVE-2025-20188?
CVE-2025-20188 is a critical vulnerability in Cisco IOS XE Software, specifically affecting Wireless LAN Controllers (WLCs). The flaw sits in the Out-of-Band Access Point (AP) Image Download feature and lets an unauthenticated remote attacker upload arbitrary files to affected systems. Its root cause is a hard-coded JSON Web Token (JWT) used to authenticate requests to this feature. By sending crafted HTTPS requests to the AP image download interface, an attacker can upload files, execute arbitrary commands, and perform path traversal with root privileges on the device. Exploitation requires the Out-of-Band AP Image Download feature to be enabled. It is not enabled by default, but some organizations turn it on for specific deployment requirements.
Potential Impact of CVE-2025-20188
- Complete Device Compromise: Exploitation of this vulnerability allows attackers to gain full control of affected wireless LAN controllers, leading to the potential execution of arbitrary commands with root privileges. This level of access can compromise the integrity and confidentiality of the network.
- File System Manipulation: The ability to upload arbitrary files can enable attackers to implant malware, including backdoors or other malicious tools, facilitating persistent access and control over the organization’s network infrastructure.
- Network Disruption and Data Breach: Successful exploitation can lead to severe network disruptions, manipulation of network configurations, and potential data breaches, compromising sensitive organizational information and undermining customer trust.
Affected Version(s)
Cisco IOS XE Software 17.7.1
Cisco IOS XE Software 17.10.1
Cisco IOS XE Software 17.10.1b
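As an added defensive example (not from this page and not Cisco's own tooling), a small Python triage helper that combines the two facts above: a device is exposed only if it runs one of the releases listed here and has the Out-of-Band AP Image Download feature enabled. The configuration keyword `ap upgrade method https`, the zero-padded version spelling, and the sample running-config excerpts are assumptions constructed for this example.

```python
import re

# Releases listed as affected on this page.
AFFECTED_VERSIONS = {"17.7.1", "17.10.1", "17.10.1b"}

# Assumption (not stated on this page): the Out-of-Band AP Image Download
# feature appears in the running configuration as "ap upgrade method https".
FEATURE_LINE = re.compile(r"^\s*ap upgrade method https\s*$", re.MULTILINE)

# Constructed sample running-config excerpts (not captured from a real device).
SAMPLE_CONFIG_ENABLED = """\
hostname wlc-lab-01
!
ap upgrade method https
!
wireless management interface Vlan10
"""
SAMPLE_CONFIG_DISABLED = SAMPLE_CONFIG_ENABLED.replace("ap upgrade method https\n!\n", "")


def normalize_version(version):
    """Strip zero-padded components ("17.10.01b" -> "17.10.1b") so spelling
    variants of one release compare equal (padding style is an assumption)."""
    return re.sub(r"(?<=\.)0+(?=\d)", "", version.strip())


def feature_enabled(running_config):
    """True if the assumed feature line is present in the running configuration."""
    return FEATURE_LINE.search(running_config) is not None


def assess(version, running_config):
    """Combine release and feature state into a single triage verdict."""
    affected = normalize_version(version) in AFFECTED_VERSIONS
    enabled = feature_enabled(running_config)
    if affected and enabled:
        return "EXPOSED: listed release with Out-of-Band AP Image Download enabled"
    if affected:
        return "AT RISK: listed release; feature disabled, patch before enabling it"
    if enabled:
        return "REVIEW: feature enabled on an unlisted release; confirm the fixed release"
    return "OK: release not listed here and feature disabled"


if __name__ == "__main__":
    for ver, cfg in [("17.10.01b", SAMPLE_CONFIG_ENABLED), ("17.12.4", SAMPLE_CONFIG_DISABLED)]:
        print(ver, "->", assess(ver, cfg))
```

Feed it the output of the controller's version and running-config commands; the verdict strings are deliberately prefixed so they can be grepped across a fleet.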
News Articles
- Cisco patches maximum severity vulnerability in IOS XE Software: A hard-coded JSON Web Token could allow a remote attacker to upload files with root privileges. (3 weeks ago)
- Cisco fixes max severity IOS XE flaw letting attackers hijack devices: Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. (3 weeks ago)
Timeline
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 📰 First article discovered by The Hacker News
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved