Remote File Upload Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers
CVE-2025-20188

10CRITICAL

Key Information:

Vendor
Cisco
Vendor
CVE Published:
7 May 2025

Badges

🔥 Trending now🥇 Trended No. 1📈 Trended📈 Score: 17,200👾 Exploit Exists📰 News Worthy

What is CVE-2025-20188?

CVE-2025-20188 is a significant vulnerability found in Cisco IOS XE Software, specifically pertaining to Wireless LAN Controllers (WLCs). This flaw exists in the Out-of-Band Access Point Image Download feature, which, if exploited, allows an unauthenticated remote attacker to upload arbitrary files to an affected system. The vulnerability arises from a hard-coded JSON Web Token (JWT) that grants unauthorized access if an attacker sends specially crafted HTTPS requests. The consequences of such an exploitation could severely undermine an organization’s security posture, potentially leading to unauthorized file execution and system compromise.

Technical Details

The vulnerability is rooted in the Out-of-Band AP Image Download functionality of Cisco’s IOS XE Software. Attackers can exploit this flaw by leveraging the hard-coded JWT that is present within the system. By crafting and sending specific HTTPS requests to the AP image download interface, an attacker can execute operations such as file uploads, path traversal, and command execution with elevated root privileges. It is important to note that for successful exploitation, the Out-of-Band AP Image Download feature must be enabled, which is not the default setting on Cisco devices.

Potential Impact of CVE-2025-20188

  1. Unauthorized Access and Control: Attackers can gain unauthorized access to systems, enabling them to upload malicious files or scripts that could alter system configurations or deploy additional malware.

  2. Remote Code Execution: Given the elevated privileges granted through successful exploitation, there is a risk of executing arbitrary commands remotely. This can lead to full control over the affected device, resulting in significant operational disruption.

  3. Data Breaches and Information Theft: The ability to upload and execute files means that sensitive organizational data could be accessed, manipulated, or exfiltrated, which could jeopardize data integrity and confidentiality.

Affected Version(s)

Cisco IOS XE Software 17.7.1

Cisco IOS XE Software 17.10.1

Cisco IOS XE Software 17.10.1b

News Articles

Cisco patches maximum severity vulnerability in IOS XE Software

A hard-coded JSON Web Token could allow a remote attacker to upload files with root privileges.

16 hours ago

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices.

17 hours ago

Cisco Patches CVE-2025-20188 In IOS XE Wireless Controller

Cisco fixes CVE-2025-20188, a critical 10.0 CVSS flaw in IOS XE Wireless Controller, allowing remote root exploits via hard-coded JWT.

1 day ago

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 📰

    First article discovered by The Hacker News

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20188 : Remote File Upload Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers | SecurityVulnerability.io