Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-20188

CRITICAL
Published 2025-05-07T17:34:36.871Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-20188. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.

This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.

Available Exploits

No exploits available for this CVE.

Related News

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising t…

Securityaffairs.com 2025-06-02 06:58
Read More
Exploit details for max severity Cisco IOS XE flaw now public

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. [...]

BleepingComputer 2025-05-31 14:09
Read More
Cisco fixed a critical flaw in its IOS XE Wireless Controller

Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked as CVE-2025-20188 (CVSS score 10), in IOS XE Wireless…

Securityaffairs.com 2025-05-08 13:13
Read More
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-201…

Internet 2025-05-08 04:57
Read More
Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access

Cisco has released a security advisory addressing a critical vulnerability in its IOS XE Software for Wireless LAN The post Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access appeared first on Daily CyberSecurity.

SecurityOnline.info 2025-05-08 01:48
Read More

Affected Products

Cisco

Cisco IOS XE Software

Affected Versions:

17.7.1 17.10.1 17.10.1b 17.8.1 17.9.1 17.9.2 17.9.3 17.9.4 17.9.5 17.9.4a 17.11.1 17.12.1 17.12.2 17.12.3 17.13.1 17.14.1 17.11.99SW

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.

This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Affected Products (ENISA)

cisco
cisco ios xe software

ENISA Scoring

CVSS Score (3.1)

10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.130
probability

ENISA References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
https://nvd.nist.gov/vuln/detail/CVE-2025-20188
https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis

Data provided by ENISA EU Vulnerability Database. Last updated: June 6, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-489q-h7v6-2626

Advisory Details

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-20188
WEB https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis
WEB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC

Advisory provided by GitHub Security Advisory Database. Published: May 7, 2025, Modified: June 4, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 2 weeks ago
MauriceTorres
Exploit PoC

🚨 Today’s Patch Tuesday Overview: 66 vulnerabilities, including one zero-day **Microsoft** has addressed **66** vulnerabilities, including **one zero-day** vulnerability, nine critical ones, and **one** **with** **proof of concept** (PoC). **Third-party:** web browsers, Android, Roundcube, Cisco, HPE, Ivanti, and processors. 📢 Navigate to [**Vulnerability Digest from Action1**](https://www.action1.com/patch-tuesday/patch-tuesday-june-2025/?vyr) for a comprehensive summary …

Also mentions: CVE-2025-33053 CVE-2025-33073 CVE-2025-27038 CVE-2025-21480 CVE-2025-20286 CVE-2025-21479 CVE-2025-5419 CVE-2025-24495 CVE-2024-45332 CVE-2025-49113 CVE-2025-4919 CVE-2025-4918 CVE-2024-28956 CVE-2025-4428 CVE-2025-4427
2
2.0
View Original High Risk

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Published: 2025-05-07T17:34:36.871Z
Last Modified: 2025-05-08T03:56:30.539Z
Copied to clipboard!