Vulnerability in Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
CVE-2025-20293

5.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 24 September 2025

Badges

👾 Exploit Exists

What is CVE-2025-20293?

A vulnerability in the initial Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers could permit an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server on affected devices. The issue arises from insufficient cleanup after the Day One setup completes, which leaves the PKI server reachable and allows an attacker to send Simple Certificate Enrollment Protocol (SCEP) requests to it. A successful exploit could allow the attacker to acquire a certificate from the virtual wireless controller and then use that certificate to join malicious devices to the controller without authorization.

Affected Version(s)

Cisco IOS XE Software 16.10.1

Cisco IOS XE Software 16.10.1s

Cisco IOS XE Software 16.10.1e

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
