A critical vulnerability (CVE-2025-20188) in Cisco IOS XE Wireless LAN Controllers allows remote attackers to upload arbitrary files and execute commands with root privileges, especially when the "Out-of-Band AP Image Download" feature is enabled. Immediate action is recommended, including software updates and disabling vulnerable features, to prevent exploitation. #CiscoIOSXEWLC #CVE2025-20188
Key points
- The flaw stems from a hardcoded JSON Web Token (JWT) fallback secret, "notfound".
- Attackers can generate valid JWT tokens using the fallback secret, bypassing authentication.
- Exploits involve uploading files via the "/ap_spec_rec/upload/" endpoint with path traversal techniques.
- Successful exploitation could lead to remote code execution, configuration changes, or web shell deployment.
- Cisco recommends upgrading to version 17.12.04 or later and disabling the affected feature temporarily.
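The two root causes named above (a fallback JWT secret that is silently used when no real secret is configured, and an upload path built from user input) are generic patterns worth seeing side by side with their fixes. The following is an added example written for this summary, not Cisco's code: it uses only the Python standard library, hand-rolls HS256 for illustration, and the config key `jwt_secret`, the upload directory `/var/uploads/ap_spec_rec`, and the sample log lines are all constructed assumptions. It shows the fail-open secret loader beside a fail-closed one, a defender-side check that flags tokens which validate under the public fallback secret (something a correctly configured controller should never see), and a path resolver that refuses names escaping the upload root.

```python
"""Added example (not Cisco's code): fallback-secret and upload-path anti-patterns
with their hardened forms, plus a log check for tokens signed with the fallback.
Config keys, paths and log lines below are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

FALLBACK_SECRET = "notfound"              # the weak fallback named in the advisory
UPLOAD_ROOT = "/var/uploads/ap_spec_rec"  # assumed upload directory


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def hs256_sign(claims: dict, secret: str) -> str:
    """Build a compact HS256 JWT (header.payload.signature); used here only to
    construct sample tokens for the detector."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def hs256_verify(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(payload))
    except (ValueError, json.JSONDecodeError):
        return None


# --- vulnerable: silently fall back to a constant, publicly known secret ------
def load_secret_vulnerable(config: dict) -> str:
    # Every deployment missing the key ends up sharing the same secret.
    return config.get("jwt_secret", FALLBACK_SECRET)


# --- hardened: fail closed when no strong secret is configured ----------------
def load_secret_hardened(config: dict) -> str:
    secret = config.get("jwt_secret")
    if not secret or secret == FALLBACK_SECRET or len(secret) < 32:
        raise RuntimeError("refusing to start: no strong JWT secret configured")
    return secret


# --- detection: tokens that validate under the fallback should never occur ----
def signed_with_fallback(token: str) -> bool:
    return hs256_verify(token, FALLBACK_SECRET) is not None


def scan_auth_log(lines) -> list:
    """Return 1-based line numbers whose Bearer token was signed with the fallback."""
    hits = []
    for n, line in enumerate(lines, 1):
        if "Bearer " in line:
            token = line.split("Bearer ", 1)[1].split()[0]
            if signed_with_fallback(token):
                hits.append(n)
    return hits


# --- vulnerable: join a user-supplied name straight onto the upload root ------
def resolve_upload_vulnerable(filename: str) -> str:
    # ".." segments (or an absolute name) walk out of UPLOAD_ROOT unchecked.
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))


# --- hardened: resolve, then refuse anything outside the root -----------------
def resolve_upload_hardened(filename: str) -> str:
    root = os.path.realpath(UPLOAD_ROOT)
    candidate = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return candidate


if __name__ == "__main__":
    sample_fallback = hs256_sign({"sub": "admin"}, FALLBACK_SECRET)   # constructed
    sample_ok = hs256_sign({"sub": "admin"}, "a" * 40)                # constructed
    log = [
        f"10.0.0.5 POST /ap_spec_rec/upload/ Authorization: Bearer {sample_fallback}",
        f"10.0.0.9 POST /ap_spec_rec/upload/ Authorization: Bearer {sample_ok}",
    ]
    print("lines with fallback-signed tokens:", scan_auth_log(log))  # -> [1]
    print(resolve_upload_vulnerable("../../etc/x"))                   # escapes the root
```

The detector is deliberately cheap: it needs no access to the controller's real secret, only the known fallback, so it can run over exported access logs or a proxy capture as a quick triage step alongside the upgrade.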