Latest Cyber Security News

You are here: Home / General Cyber Security News / Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
May 8, 2025

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system.

The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system.

“This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system,” the company said in a Wednesday advisory.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

“An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.”

That said, in order for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It’s disabled by default.

The following products are affected, if they have a vulnerable release running and have the Out-of-Band AP Image Download feature turned on –

  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst APs

Cybersecurity

While updating to the latest version is the best course of action, as temporary mitigations, users can disable the feature until an upgrade can be performed.

“With this feature disabled, AP image download will use the CAPWAP method for the AP image update feature, and this does not impact the AP client state,” Cisco added.

The networking equipment major credited X.B. of the Cisco Advanced Security Initiatives Group (ASIG) for discovering the reporting the bug during internal security testing. There is no evidence that the vulnerability has been maliciously exploited in the wild.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *