Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20188

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Published

2025-05-07T18:15:38.617

Last Modified

2025-06-23T15:15:11.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	17.11.1	Yes
Operating System	cisco	ios_xe	17.11.99sw	Yes
Operating System	cisco	ios_xe	17.12.1	Yes
Operating System	cisco	ios_xe	17.12.2	Yes
Operating System	cisco	ios_xe	17.12.3	Yes
Operating System	cisco	ios_xe	17.13.1	Yes
Operating System	cisco	ios_xe	17.14.1	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC Vendor Advisory ([email protected])
https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/ Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)