CVE-2025-20188

Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability

CVE-2025-20188 is a critical arbitrary file upload vulnerability in Cisco IOS XE Wireless Controller Software, including the versions used on Catalyst 9800 and Embedded Wireless Controllers. It is caused by a hard-coded JSON Web Token (JWT) that allows an unauthenticated, remote attacker to send specially crafted HTTPS requests to the AP image download interface. The vulnerable interface is only reachable when the Out-of-Band AP Image Download feature is enabled, which is not the default setting on the affected devices.

Successful exploitation could allow an attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges on the affected system, resulting in full control over the impacted device.

Mitigations

  • Reference the vendor advisory and upgrade to the latest patched version.

Rapid Response N-Day Testing

🔗 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis

🔗 Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability

🔗 CVE-2025-20188

🔗 Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

