🚨 Critical Security Vulnerability
🆔 CVE-2025-20188
💣 CVSS Score: 10.0 (Critical)
📅 Published: 2025-05-07
🔹 TL;DR
A critical vulnerability in Cisco IOS XE Wireless LAN Controllers (WLCs) allows unauthenticated remote attackers to gain root access by exploiting a hard-coded JSON Web Token (JWT) in the Out-of-Band Access Point (AP) Image Download feature.
🔸 Affected Versions
Devices running vulnerable versions of Cisco IOS XE Software with the Out-of-Band AP Image Download feature enabled:
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst Access Point
Note: The vulnerable feature is disabled by default.
⚠️ Vulnerability Details
The vulnerability arises from a hard-coded JWT present in the Out-of-Band AP Image Download feature. An unauthenticated attacker can exploit this by sending crafted HTTPS requests to the AP image download interface, allowing them to upload arbitrary files, perform path traversal, and execute commands with root privileges.
Exploitation requires the Out-of-Band AP Image Download feature to be enabled, which is not the default configuration.
🔧 Recommended Action
- Upgrade to the latest fixed software version provided by Cisco.
- Disable the Out-of-Band AP Image Download feature as a temporary mitigation:
  - Run the command:
    show running-config | include ap upgrade
  - If the output includes
    ap upgrade method https
    the device is vulnerable.
  - Change the upgrade method to CAPWAP to mitigate the risk.
  - Run the command:
Note: Disabling the feature may have unintended consequences; evaluate the impact before applying this mitigation.
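Added example (not part of the advisory or Cisco's tooling): a small Python check that applies the configuration test above to running-config exports collected from several controllers and reports which ones still have the Out-of-Band AP Image Download feature enabled. The hostnames and config excerpts are constructed sample data. It anchors the match to the start of the line so that a negated line (`no ap upgrade method https`, assumed here as the disabled form) is not reported as enabled, which a plain substring search on the `include` output would do.

```python
import re

# Constructed sample: running-config excerpts exported from three WLCs.
# Hostnames and contents are hypothetical, not real device output.
SAMPLE_CONFIGS = {
    "wlc-campus-1": """\
hostname wlc-campus-1
ap upgrade method https
ap upgrade staggered 5
""",
    "wlc-campus-2": """\
hostname wlc-campus-2
ap upgrade staggered 5
""",
    "wlc-dc-1": """\
hostname wlc-dc-1
no ap upgrade method https
""",
}

# The line the advisory points at ("ap upgrade method https"), anchored to the
# start of a line. A negated "no ap upgrade method https" (assumed disabled
# form) therefore does not match, unlike a bare substring search.
_HTTPS_METHOD = re.compile(
    r"^[ \t]*ap[ \t]+upgrade[ \t]+method[ \t]+https\b",
    re.IGNORECASE | re.MULTILINE,
)


def out_of_band_https_enabled(running_config: str) -> bool:
    """True if the export shows the Out-of-Band AP Image Download feature enabled."""
    return _HTTPS_METHOD.search(running_config) is not None


def find_exposed_controllers(configs: dict) -> list:
    """Hostnames (sorted) whose running-config export shows the feature enabled."""
    return sorted(host for host, cfg in configs.items() if out_of_band_https_enabled(cfg))


if __name__ == "__main__":
    for host in find_exposed_controllers(SAMPLE_CONFIGS):
        print(f"{host}: Out-of-Band AP Image Download enabled; "
              f"switch to CAPWAP or upgrade to the fixed release")
```

Feed it the saved output of `show running-config` from each controller (the `| include ap upgrade` filter is not required, since the pattern is applied to the full export) and treat every reported hostname as a device to upgrade or to move back to the CAPWAP method.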
👤 Affected Environments
- Organizations using Cisco IOS XE Wireless Controllers with the Out-of-Band AP Image Download feature enabled.
- Environments where AP image downloads are configured to use HTTPS.
🧠 TTPs (MITRE Mapping)
- CWE-798 – Use of Hard-coded Credentials
- CAPEC-137 – Parameter Injection
🛠 References
🔗 Cisco Security Advisory
🔗 NIST NVD Entry
🔗 The Hacker News Coverage
🔗 The Cyber Express Report