CVE-2025-20188

Summary

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software17.11.1affected
CiscoCisco IOS XE Software17.12.1affected
CiscoCisco IOS XE Software17.12.2affected
CiscoCisco IOS XE Software17.12.3affected
CiscoCisco IOS XE Software17.13.1affected
CiscoCisco IOS XE Software17.14.1affected
CiscoCisco IOS XE Software17.11.99SWaffected

Weaknesses

  • CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References