Remote File Upload Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers
CVE-2025-20188

10CRITICAL

Key Information:

Vendor

Cisco

Vendor
CVE Published:
7 May 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 45,700👾 Exploit Exists📰 News Worthy

What is CVE-2025-20188?

CVE-2025-20188 is a critical vulnerability found in the Cisco IOS XE Software, specifically affecting Wireless LAN Controllers (WLCs). This vulnerability arises from the Out-of-Band Access Point (AP) Image Download feature, which allows unauthorized remote attackers to upload arbitrary files to affected systems. The root cause of the vulnerability lies in a hard-coded JSON Web Token (JWT) that facilitates authentication for this feature. An attacker can exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface, enabling them to upload files, execute arbitrary commands, and perform path traversal operations with root privileges on the device. Notably, for an attacker to exploit this vulnerability, the Out-of-Band AP Image Download feature must be enabled—although it is not enabled by default, some organizations may activate it for specific deployment requirements.

Potential Impact of CVE-2025-20188

  1. Complete Device Compromise: Exploitation of this vulnerability allows attackers to gain full control of affected wireless LAN controllers, leading to the potential execution of arbitrary commands with root privileges. This level of access can compromise the integrity and confidentiality of the network.

  2. File System Manipulation: The ability to upload arbitrary files can enable attackers to implant malware, including backdoors or other malicious tools, facilitating persistent access and control over the organization’s network infrastructure.

  3. Network Disruption and Data Breach: Successful exploitation can lead to severe network disruptions, manipulation of network configurations, and potential data breaches, compromising sensitive organizational information and undermining customer trust.

Affected Version(s)

Cisco IOS XE Software 17.7.1

Cisco IOS XE Software 17.10.1

Cisco IOS XE Software 17.10.1b

News Articles

Cisco patches maximum severity vulnerability in IOS XE Software

A hard-coded JSON Web Token could allow a remote attacker to upload files with root privileges.

3 weeks ago

Cisco patches maximum severity vulnerability in IOS XE Software

A hard-coded JSON Web Token could allow a remote attacker to upload files with root privileges.

3 weeks ago

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices.

3 weeks ago

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 📰

    First article discovered by The Hacker News

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20188 : Remote File Upload Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers