Technical particulars have been launched for a just lately patched critical-severity vulnerability in Cisco IOS XE that could possibly be exploited for distant code execution (RCE).
Tracked as CVE-2025-20188 (CVSS rating of 10/10), the bug is described as an arbitrary file add that exists due to a hardcoded JSON Internet Token (JWT).
Cisco introduced fixes for the safety defect on Could 7, explaining that attackers might exploit it remotely, with out authentication, by sending crafted HTTPS requests to the Out-of-Band Entry Level (AP) picture obtain interface of a weak system.
Profitable exploitation of the problem might enable attackers to carry out path traversal, add arbitrary information, and execute instructions with root privileges, Cisco stated, underlining that solely programs with the Out-of-Band AP picture obtain characteristic enabled are weak.
The bug impacts Catalyst 9800 sequence wi-fi controllers, Catalyst 9800-CL wi-fi controllers for cloud, the Catalyst 9800 embedded wi-fi controller for 9300, 9400, and 9500 sequence switches, and the embedded wi-fi controller for Catalyst APs, the corporate stated.
Final week, Horizon3.ai revealed a technical evaluation of the vulnerability, explaining that the weak characteristic runs as a separate service on port 8443.
Horizon3.ai found that an attacker might obtain RCE by overwriting an present configuration file with their very own instructions after which importing a brand new file to a selected listing that will set off a service restart.
“After digging by way of these companies, we found an inner course of administration service (pvp.sh) that waits for information to be written to a selected listing. As soon as a change is detected, it could set off a service reload primarily based on the instructions specified within the service’s config file,” the safety agency explains.Commercial. Scroll to proceed studying.
Customers are suggested to improve to a patched Cisco IOS XE software program launch or disable the Out-of-Band AP picture obtain characteristic if the improve can’t be carried out.
Associated: Veeam Patches Crucial Vulnerability in Backup & Replication
Associated: ChatGPT Instrument Vulnerability Exploited In opposition to US Authorities Organizations
Associated: Crucial OpenPGP.js Vulnerability Permits Spoofing
Associated: Code Execution Flaw Present in Nuclei Vulnerability Scanner
