The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisco patches cve 2025 20188 (10.0 cvss) in ios xe that enables

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

May 8, 2025

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system.

The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system.

“This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system,” the company said in a Wednesday advisory.

“An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.”

That said, in order for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It’s disabled by default.
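The advisory names two root causes: a bearer token that is fixed in the firmware image, and an upload handler that lets a client-supplied name walk out of its target directory. The toy handler below is an added example, not Cisco's code and not the IOS XE interface itself; the upload root, the constructed static token and the `TokenService` class are assumptions chosen to contrast the weak pattern with a hardened one (per-boot signing key, expiring HS256 tokens, and a path-containment check).

```python
# Added example (not Cisco's code): a hard-coded bearer token and an
# unconfined upload path, each shown next to a hardened replacement.
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional

# --- Weak patterns ---------------------------------------------------------

# Constructed token for illustration; in the weak design every device ships
# with the same value, so anyone who extracts it is "authenticated" forever.
HARDCODED_JWT = "eyJhbGciOiJIUzI1NiJ9.static-token-constructed-for-illustration"


def vulnerable_is_authorized(bearer: str) -> bool:
    return bearer == HARDCODED_JWT


def vulnerable_upload_path(upload_root: str, client_filename: str) -> str:
    # No containment check: "../" segments in the client name leave upload_root.
    return os.path.join(upload_root, client_filename)


# --- Hardened patterns -----------------------------------------------------

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class TokenService:
    """Issues HS256 JWTs signed with a key generated at process start (never
    baked into the image) and carrying a short expiry claim."""

    def __init__(self, ttl_seconds: int = 300):
        self.key = secrets.token_bytes(32)
        self.ttl = ttl_seconds

    def _sign(self, signing_input: bytes) -> str:
        return _b64url(hmac.new(self.key, signing_input, hashlib.sha256).digest())

    def issue(self, subject: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64url(json.dumps({"sub": subject, "exp": int(now + self.ttl)}).encode())
        signing_input = f"{header}.{payload}".encode()
        return f"{header}.{payload}.{self._sign(signing_input)}"

    def verify(self, token: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        try:
            header, payload, sig = token.split(".")
            hdr = json.loads(_b64url_decode(header))
            claims = json.loads(_b64url_decode(payload))
        except ValueError:  # malformed base64 or JSON, wrong segment count
            return False
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return False
        expected = self._sign(f"{header}.{payload}".encode())
        if not hmac.compare_digest(expected, sig):
            return False
        return isinstance(claims, dict) and claims.get("exp", 0) > now


def safe_upload_path(upload_root: str, client_filename: str) -> str:
    """Resolve the target path and refuse anything outside upload_root."""
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, client_filename))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("upload path escapes the image directory")
    return candidate


def upload_is_confined(upload_root: str, client_filename: str) -> bool:
    try:
        safe_upload_path(upload_root, client_filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    svc = TokenService(ttl_seconds=60)
    tok = svc.issue("ap-001")
    print("fresh token accepted:", svc.verify(tok))
    print("static token accepted by hardened verifier:", svc.verify(HARDCODED_JWT))
    print("traversal name confined:", upload_is_confined("/srv/ap-images", "../../etc/passwd"))
```

The weak path function simply concatenates, so `../../etc/passwd` resolves outside the image directory; the hardened one canonicalises with `realpath` and checks containment with `commonpath`, which also rejects absolute client names. The token service shows the property the advisory's fix restores: a token only means something if its signing key is unique to the device and the token expires.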

The following products are affected if they run a vulnerable release and have the Out-of-Band AP Image Download feature turned on:

  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst APs

Updating to a fixed release is the recommended course of action; as a temporary mitigation, administrators can disable the Out-of-Band AP Image Download feature until the upgrade can be performed.

“With this feature disabled, AP image download will use the CAPWAP method for the AP image update feature, and this does not impact the AP client state,” Cisco added.

The networking equipment major credited X.B. of the Cisco Advanced Security Initiatives Group (ASIG) for discovering and reporting the bug during internal security testing. There is no evidence that the vulnerability has been maliciously exploited in the wild.

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.