AI description
CVE-2025-20188 is a vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs). It could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. The vulnerability exists because of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. The Out-of-Band AP Image Download feature must be enabled on the device for a successful exploit.
- Description
- A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-798
- Hype score
- Not currently trending
CVE-2025-20188: Use of Hard-coded Credentials in Cisco IOS XE, 10.0 rating 🔥🔥🔥 Due to hard-coded JWT, Cisco IOS XE instances may be vulnerable to arbitrary file uploads. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/oYZDXVlEWr #cybersecurity #vulnerabilit
@Netlas_io
12 May 2025
3950 Impressions
10 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
Threat Alert: Cisco Patches 35 Vulnerabilities Across Several Products - #CVE-2025-20188 CVE-2025-20188 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/SHMidmBob5 #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
12 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
10 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco has released software fixes to address a maximum-severity security flaw tracked as CVE-2025-20188 in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. https://t.co/iEXXUXtsGx https://t.co/
@riskigy
10 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی برای Cisco IOS XE Wireless LAN Controllers آسیب پذیری با کد شناسایی CVE-2025-20188 منتشر شده است. این آسیب پذیری از نوع file upload بوده و همچنین به هکر امکان اجرای کامند با دس
@AmirHossein_sec
10 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Cisco patches critical flaw (CVE-2025-20188) in IOS XE. Unauthenticated remote attackers can upload files. #CyberSecurity #Cisco https://t.co/lVDQzt3Yjl https://t.co/hg53V29Fc9
@CyberHub_blog
10 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-20188 CVSS 10/10🚨 Allows an unauthenticated remote attacker to take over devices. https://t.co/1yBcRas9qT MDE Device Discovery KQL: https://t.co/8Ez8ptmV0k https://t.co/pdsEM6bapg
@0x534c
10 May 2025
1404 Impressions
1 Retweet
23 Likes
16 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
9 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️Múltiples vulnerabilidades en los productos de Cisco ❗CVE-2025-20188 ❗CVE-2025-20186 ❗CVE-2025-20162 ➡️Más info: https://t.co/38fQRXhRmZ https://t.co/MnpU8rdA9y
@CERTpy
9 May 2025
213 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨Vulnerabilidade crítica CVE-2025-20188 no Cisco IOS XE WLC (CVSS 10.0)! 😱 Atacantes podem explorar o Download de Imagem de AP Out-of-Band para upload de arquivos e execução de comandos com privilégios de root. A Cisco liberou correções. Saiba mais no blog (link n
@brainworkblog
9 May 2025
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛠️ Cisco fixes critical IOS XE flaw (CVSS 10.0) CVE-2025-20188 lets remote attackers gain root via a hard-coded JWT in Catalyst 9800 controllers. Patch now or disable the vulnerable AP image download feature. https://t.co/44JAihxHUE #Cisco #Vulnerability #CyberSecurity ht
@dCypherIO
9 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
9 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ Cisco Patches Critical IOS XE Flaw Allowing Device Hijacking Cisco has fixed a maximum-severity (CVSS 10.0) flaw, CVE-2025-20188, in IOS XE for Wireless LAN Controllers. The flaw enabled attackers to bypass authentication and execute root commands. Admins must urgently
@gossy_84
9 May 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability🚨 Vulnerability Details: CVE-2025-20188 (CVSS v3 10/10) Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability Impact: A successful exploit may allow
@CyberxtronTech
9 May 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability🚨 Vulnerability Details: CVE-2025-20188 (CVSS v3 9.8/10) Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability Impact: A successful exploit may allow
@CyberxtronTech
9 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-20188) in Cisco’s IOS XE Wireless Controller allows attackers to gain root access through a simple HTTPS request without authentication. This severe flaw, rated at CVSS 10.0, poses a significant risk to network security, urging immediate acti.
@CybrPulse
9 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CiscoのIOS XE for WLCの脆弱性(CVSS 10.0)、JWTをハードコードしているって書いてて、ちょっとびっくり。 脆弱性を悪用するためにはデフォルトでは無効化されている設定を有効化している必要があるので簡単ではな
@papa_anniekey
9 May 2025
353 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
シスコがIOS XEにおけるCVE-2025-20188(CVSSスコア10.0)を修正、JWTを通じてルート権限のエクスプロイトを可能にする脆弱性に対応 https://t.co/O67dkI3WkW #Security #セキュリティ #ニュース
@SecureShield_
9 May 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-20188 ⚠️🔴 CRITICAL (10) 🏢 Cisco - Cisco IOS XE Software 🏗️ 17.7.1 🔗 https://t.co/ZslJAuoTNL #CyberCron #VulnAlert #InfoSec https://t.co/mo0YubeKyc
@cybercronai
8 May 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Cisco Patches Critical Vulnerability in Wireless Controllers: What You Need to Know About #CVE-2025-20188 https://t.co/LG2X7bCJd9
@UndercodeNews
8 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Cisco IOS XE Wireless Controllers Vulnerable to Unauthenticated Root Exploits via JWT (CVE-2025-20188) CVSS: 10 https://t.co/QOAyB78l9p
@DarkWebInformer
8 May 2025
3094 Impressions
0 Retweets
8 Likes
5 Bookmarks
0 Replies
0 Quotes
#Cisco Patches CVE-2025-20188 (10.0 CVSS) in #IOS_XE That Enables #Root #Exploits via #JWT https://t.co/fbFeLZ4yQg https://t.co/ukNgHTMfzl
@omvapt
8 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188: Be sure to patch your Cisco IOS XE Software! The usage of a hard-coded JSON Web Token (JWT) could allow remote unauthenticated attackers to upload files onto the device. https://t.co/NMXqMHSHMK https://t.co/a4ZJHwiyNd
@gothburz
8 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188: Be sure to patch your Cisco IOS XE Software! The usage of a hard-coded JSON Web Token (JWT) could allow remote unauthenticated attackers to upload files onto the device. https://t.co/twWNjS5cvy
@gothburz
8 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188 (CVSS 10) : Critical Flaw in Cisco IOS XE WLCs Allows Remote Root Access https://t.co/E03KUptYn4 https://t.co/vO5gH68vwe
@freedomhack101
8 May 2025
93 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Cisco Vulnerability – CVSS 10.0 CVE-2025-20188 targets Cisco IOS XE Wireless Controller Software, allowing unauthenticated attackers to upload files and execute root-level commands—all thanks to a hard-coded JWT in the Out-of-Band AP Image Download feature. htt
@SecurityJoes
8 May 2025
148 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Cisco has patched a critical flaw (CVE-2025-20188) in IOS XE Wireless Controllers that could let attackers gain root access via a hard-coded JWT in HTTPS-enabled Out-of-Band AP Image Download. Stay secure! 🔒 #Networking #Security #USA https://t.co/6enoh0YNUw
@TweetThreatNews
8 May 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco patches 35 vulnerabilities across IOS, IOS XE, Catalyst, and SD-WAN. The critical flaw CVE-2025-20188 allows remote code execution on Wireless LAN Controllers with out-of-band AP enabled. Stay secure! 🔒 #NetworkSecurity #CiscoUS #TechUpdate https://t.co/MjzEm3ICzW
@TweetThreatNews
8 May 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
8 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco, JWT Üzerinden Root İstismarlarını Sağlayan CVE-2025-20188 (10.0 CVSS) Açığını IOS XE’de Yamanladı #AhmetinMasumiyetiKorunsun Korkuyorlar #siberguvenlik https://t.co/lRyOMLD9xI
@teknomers
8 May 2025
220 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVSS 10.0: Critical root-level vulnerability (CVE-2025-20188) found in Cisco IOS XE wireless controllers. Patch now or disable the vulnerable feature. #Cybersecurity #Cisco #CVE202520188 ➡️ https://t.co/21BURLR9vK
@threatsbank
8 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco patches CVE-2025-20188 (CVSS 10.0) in IOS XE Wireless Controllers. The flaw involves a hard-coded JWT, enabling remote root exploits via crafted HTTPS requests. Affected devices must update. 🔒 #CyberAlert #Cisco #USA https://t.co/VSEORZd3ik
@TweetThreatNews
8 May 2025
89 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cisco Patches #CVE-2025-20188 (10.0 #CVSS) in IOS XE That Enables Root Exploits via JWT https://t.co/goIpGXvciH
@ScyScan
8 May 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has unveiled critical software fixes for a severe vulnerability (CVE-2025-20188) in its IOS XE Wireless Controller, which poses a significant threat of unauthorized remote file uploads. The flaw rates a perfect 10.0 on the CVSS scale, making immediate updates crucial for...
@CybrPulse
8 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT https://t.co/Ww7FTWZq18 https://t.co/NpxFHHUeGk
@talentxfactor
8 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Cisco أصدرت تحديثات برمجية لمعالجة ثغرة أمنية خطيرة (CVE-2025-20188) في IOS XE تسمح لمهاجم عن بعد بتحميل ملفات عشوائية دون مصادقة. هذه الثغرة تصنف بـ 10.0 على مقياس CVSS
@Cybercachear
8 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT https://t.co/OZfajKmK7L
@cyberetweet
8 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"EnRoute Solutions alerts organizations to urgently patch CVE-2025-20188, a critical vulnerability in Cisco IOS XE that enables root exploits via JSON Web Tokens... https://t.co/8S0LlZcEci #TechNews #ITServices #Consulting
@EnRouteIT
8 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ciscoは、IOS XE Wireless LAN Controllersにおける重大な脆弱性(CVE-2025-20188)を公表した。この脆弱性は、Out-of-Band AP Image Download機能に存在し、ハードコードされたJSON Web Token(JWT)の存在に起因する。
@yousukezan
8 May 2025
1904 Impressions
3 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
🛑 New Cisco flaw scores a perfect 10.0 CVSS. A hardcoded token. Root access. No login needed. If you run Catalyst 9800 wireless controllers, you’ll want to check this fast. 👉 Read more about CVE-2025-20188 here: https://t.co/ZTtk1qHqoQ
@TheHackersNews
8 May 2025
198235 Impressions
248 Retweets
681 Likes
202 Bookmarks
22 Replies
64 Quotes
A critical security flaw in Cisco's IOS XE Wireless LAN Controllers allows unauthorized access that could grant attackers complete control over affected devices. The vulnerability, tracked as CVE-2025-20188, is rated 10.0 for severity and calls for immediate patching to preven...
@CybrPulse
8 May 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access https://t.co/1BOoTjm3IT
@Dinosn
8 May 2025
3872 Impressions
17 Retweets
47 Likes
15 Bookmarks
1 Reply
0 Quotes
CVE-2025-20188 A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticate… https://t.co/3DMvWlNnr2
@CVEnew
7 May 2025
150 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes