CVE-2025-20188

CVSSv4: NA | CVSSv3: 10 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00202 | KEV: Not Included
Published: 07/05/2025 (7 May 2025) Updated: 08/05/2025 (8 May 2025)

Vulnerability Summary

Cisco IOS XE WLC Unauthenticated Remote Code Execution via JWT Vulnerability

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) allows an unauthenticated, remote attacker to upload arbitrary files to an affected system. The cause is a hard-coded JSON Web Token (JWT) shipped with the software: because every device accepts the same token, an attacker needs no credentials to pass the feature's authentication check. By sending crafted HTTPS requests to the AP image download interface, the attacker can upload files, perform path traversal, and execute arbitrary commands with root privileges. The attack only works when the Out-of-Band AP Image Download feature is enabled, which is not the default configuration; on a WLC the feature is on when `ap upgrade method https` appears in the running configuration (for example via `show running-config | include ap upgrade`). Disabling the feature, so that AP image download falls back to the CAPWAP method, removes the exposed interface until the fixed software release is installed.
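The two defects described above, a secret that is identical on every device and an upload path built from an unchecked client-supplied filename, are modelled below in a small stand-alone Python program. This is an added illustration of the bug class and is not Cisco's code; the key bytes, the `role` claim, the upload root and the filenames are hypothetical. The vulnerable handler accepts any token minted with the shared key and joins the filename straight onto the image directory; the hardened handler uses a per-device key generated at provisioning time and refuses any filename that is not a bare name inside the upload root.

```python
"""Model of a hard-coded-JWT plus path-traversal upload bug and its fix.

Added example; not Cisco's implementation. All secrets, claims and
paths are invented for illustration.
"""
import base64
import hashlib
import hmac
import json
import posixpath
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT: base64url(header).base64url(payload).base64url(hmac)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def jwt_verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the HMAC matches `key`, else None.

    The header's `alg` field is deliberately ignored: the verifier always
    uses HS256 with the server's key, so an attacker cannot downgrade to
    `alg: none`. The weakness modelled here is the key itself.
    """
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(payload))


# --- vulnerable pattern -----------------------------------------------------
# Hypothetical: one key compiled into every firmware image. Anyone who extracts
# it from any device can mint a token that every other device accepts.
HARDCODED_KEY = b"hypothetical-firmware-wide-secret"
UPLOAD_ROOT = "/tmp/ap_images"  # hypothetical image directory


def vulnerable_upload_path(token: str, filename: str) -> Optional[str]:
    claims = jwt_verify(token, HARDCODED_KEY)
    if claims is None or claims.get("role") != "ap_image_upload":
        return None
    # No normalisation or containment check: "../../etc/x" escapes UPLOAD_ROOT.
    return posixpath.join(UPLOAD_ROOT, filename)


# --- hardened pattern -------------------------------------------------------
class HardenedUploader:
    def __init__(self, root: str = UPLOAD_ROOT):
        self.root = root
        # Per-device key created at provisioning, never present in the image.
        self.key = secrets.token_bytes(32)

    def issue_token(self) -> str:
        return jwt_sign({"role": "ap_image_upload"}, self.key)

    def upload_path(self, token: str, filename: str) -> Optional[str]:
        claims = jwt_verify(token, self.key)
        if claims is None or claims.get("role") != "ap_image_upload":
            return None
        # Accept only a bare filename, then prove the result stays under root.
        if filename in ("", ".", "..") or filename != posixpath.basename(filename):
            return None
        path = posixpath.normpath(posixpath.join(self.root, filename))
        if posixpath.commonpath([self.root, path]) != self.root:
            return None
        return path


def attacker_forged_token() -> str:
    """What an attacker who recovered the shared key from one device can do."""
    return jwt_sign({"role": "ap_image_upload"}, HARDCODED_KEY)


if __name__ == "__main__":
    forged = attacker_forged_token()
    print("vulnerable:", vulnerable_upload_path(forged, "../../etc/cron.d/x"))
    dev = HardenedUploader()
    print("hardened, forged token:", dev.upload_path(forged, "ap.bin"))
    print("hardened, traversal:", dev.upload_path(dev.issue_token(), "../../etc/cron.d/x"))
    print("hardened, ok:", dev.upload_path(dev.issue_token(), "ap.bin"))
```

Running the script shows the forged token being accepted by the vulnerable handler and the resulting path resolving outside the image directory, while the hardened handler rejects both the forged token (wrong per-device key) and the traversal filename (not a bare name). The containment check with `commonpath` is kept even though the basename test already blocks traversal, so that a future change to the filename rule cannot silently reopen the escape.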


Vulnerable Product

Cisco IOS XE Software


Recent Articles

Cisco fixes max severity IOS XE flaw letting attackers hijack devices
BleepingComputer • Bill Toulas • 08 May 2025

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers caused by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called 'Out-of-Band AP Image Download.' Since it's hard-coded, anyone can impersonate an authorized user without credentials. The vulne...