Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Posted on By CWS

Could 08, 2025Ravie LakshmananVulnerability / Community Safety

Cisco has launched software program fixes to deal with a maximum-severity safety flaw in its IOS XE Wi-fi Controller that would allow an unauthenticated, distant attacker to add arbitrary recordsdata to a inclined system.
The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system.
“This vulnerability is as a result of presence of a hard-coded JSON Internet Token (JWT) on an affected system,” the corporate mentioned in a Wednesday advisory.

“An attacker may exploit this vulnerability by sending crafted HTTPS requests to the AP picture obtain interface. A profitable exploit may enable the attacker to add recordsdata, carry out path traversal, and execute arbitrary instructions with root privileges.”
That mentioned, to ensure that the exploitation to achieve success, the Out-of-Band AP Picture Obtain function have to be enabled on the gadget. It is disabled by default.
The next merchandise are affected, if they’ve a susceptible launch operating and have the Out-of-Band AP Picture Obtain function turned on –

Catalyst 9800-CL Wi-fi Controllers for Cloud
Catalyst 9800 Embedded Wi-fi Controller for Catalyst 9300, 9400, and 9500 Sequence Switches
Catalyst 9800 Sequence Wi-fi Controllers
Embedded Wi-fi Controller on Catalyst APs

Whereas updating to the most recent model is one of the best plan of action, as short-term mitigations, customers can disable the function till an improve will be carried out.
“With this function disabled, AP picture obtain will use the CAPWAP technique for the AP picture replace function, and this doesn’t affect the AP shopper state,” Cisco added.
The networking gear main credited X.B. of the Cisco Superior Safety Initiatives Group (ASIG) for locating the reporting the bug throughout inside safety testing. There is no such thing as a proof that the vulnerability has been maliciously exploited within the wild.

Discovered this text fascinating? Observe us on Twitter  and LinkedIn to learn extra unique content material we publish.

The Hacker News Tags:, , , , , , , ,

Related Posts

FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign The Hacker News
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign The Hacker News
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors The Hacker News
Critical SolarWinds Vulnerability Listed as Actively Exploited Critical SolarWinds Vulnerability Listed as Actively Exploited The Hacker News
Beyond Vulnerability Management – Can You CVE What I CVE? Beyond Vulnerability Management – Can You CVE What I CVE? The Hacker News
Why Business Impact Should Lead the Security Conversation Why Business Impact Should Lead the Security Conversation The Hacker News