AI description
CVE-2025-20188 is a vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs). It could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. The vulnerability exists because of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. The Out-of-Band AP Image Download feature must be enabled on the device for a successful exploit.
- Description: A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.
- Source: psirt@cisco.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@cisco.com: CWE-798
- Hype score: Not currently trending
A report on a new vulnerability in Cisco products 💻 Cisco IOS XE for WLC: a file upload vulnerability caused by a static JWT. The CVSS score is 10.0, rated Critical ⚠️ The CVE number is "CVE-2025-20188". Overview in the thread
@esunekk
9 Jun 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-20188 - critical 🚨 Cisco IOS XE WLC - Arbitrary File Upload > A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco ... 👾 https://t.co/E014ARunXn @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
5 Jun 2025
125 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
5 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-20188: A critical arbitrary file upload vulnerability in Cisco IOS XE Wireless Controller Software could allow unauthenticated attackers to gain root access and take full control of affected devices. Learn more and confirm you're not exploitable with a #NodeZero h
@Horizon3ai
4 Jun 2025
221 Impressions
8 Retweets
5 Likes
1 Bookmark
0 Replies
1 Quote
A vulnerability with the identifier CVE-2025-20188 has recently been published for the Cisco IOS XE Wireless LAN Controllers product. This vulnerability allows file upload and command execution with root access. htt
@AmirHossein_sec
4 Jun 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Alert: Critical Exploit Goes Public Details of CVE-2025-20188 are out—allowing remote code execution on IOS XE devices via Web UI. Is your network at risk? News: https://t.co/IF8Jx4bQOc #Cisco #CyberSecurity #ZeroDay #NetworkSecurity #CVE2025 https://t.co/ly9BtsLqyi
@FileionStack
3 Jun 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT 🔥Deep Dive: https://t.co/spRrmWVPcX 🎯900+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/zjEp2v8AeX FOFA Query:app="CISCO-IOS-XE" https://t.co/DO6
@fofabot
3 Jun 2025
1201 Impressions
3 Retweets
15 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188: A critical arbitrary file upload flaw in Cisco IOS XE WLC devices poses a max-severity risk (CVSS 10.0) to enterprise Wi-Fi networks. Thanks to the experts from @keepersecurity & @Bugcrowd for the insights. 🔗 Read more: https://t.co/1VJ0zQafQp #ISBNews
@Info_Sec_Buzz
3 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco IOS XE Flaw (CVE-2025-20188): Unauthenticated RCE Risk Exposed https://t.co/luB4kucBII
@the_yellow_fall
3 Jun 2025
2133 Impressions
18 Retweets
41 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-20188 : Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability 🧐Deep Dive :https://t.co/23cZvf48TL 📊900+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/pzZqWe3wpm 👇Query HUNTER : https://
@HunterMapping
3 Jun 2025
3885 Impressions
28 Retweets
64 Likes
26 Bookmarks
2 Replies
0 Quotes
Exploitation risk grows due to critical Cisco bug (CVE-2025-20188) https://t.co/4O7ZgLVdU2 #Security #セキュリティ #ニュース
@SecureShield_
3 Jun 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
3 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical RCE Vulnerability in Cisco IOS XE Receives Patch as Technical Details Emerge Cisco has patched a critical vulnerability (CVE-2025-20188, CVSS 10.0) in IOS XE, allowing unauthenticated remote code execution via a hardcoded JSON Web Token (JWT). The flaw affects the https
@dCypherIO
2 Jun 2025
47 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe vulnerability (CVE-2025-20188) has been found in Cisco's IOS XE Wireless Controller Software, rated CVSS 10.0. Exploiting this flaw allows an unauthenticated attacker to gain root access, posing a serious threat. https://t.co/o56PojrpxO
@The4n6Analyst
2 Jun 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188 https://t.co/QvxrpGiFBT
@Dinosn
2 Jun 2025
2309 Impressions
4 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Cisco #IOS XE WLC Vulnerability Exposed: #CVE-2025-20188 Analysis https://t.co/q1W4uiHUxJ
@UndercodeNews
2 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit details for max severity Cisco IOS XE flaw now public 🔥🕵️‍♂️ Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit! https:/
@SSuiteSoftware
2 Jun 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗞️ Exploit Details for Critical Cisco IOS XE Flaw Now Public, Urging Immediate Action Exploit details for CVE-2025-20188, a max-severity Cisco IOS XE flaw, are now public, enabling attackers to upload files and gain root access. Cisco urges admins to patch to version 17.12.
@gossy_84
2 Jun 2025
89 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-20188 in Cisco IOS XE: remote access and arbitrary file write Vulnerability, cisco, Cisco IOS XE, CVE-2025-20188, path traversal exploit, file upload, hardcoded JWT, Lua OpenResty, rce, WLC https://t.co/eyqGJSuEu8 https://t.co/PEtwFbqeH7
@matricedigitale
2 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188 https://t.co/fWFBBxOep3 #securityaffairs #hacking
@securityaffairs
2 Jun 2025
342 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Technical details about the Cisco IOS XE WLC arbitrary file upload vulnerability (CVE-2025-20188) have reportedly been published. https://t.co/joOrr7X7Zd
@ntsuji
2 Jun 2025
580 Impressions
0 Retweets
5 Likes
1 Bookmark
1 Reply
0 Quotes
Details of critical Cisco flaw CVE-2025-20188 are now public, increasing the risk of active exploitation. https://t.co/tIkxcYjWWe #Cisco #critical #vulnerability #CVE-2025-20188 #exploit #CyberSecurity #threatresq
@ThreatResq
2 Jun 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188 : Exploit details for max severity Cisco IOS XE flaw now public https://t.co/zjIEuT8L9M
@freedomhack101
1 Jun 2025
75 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Max severity Cisco IOS XE flaw (CVE-2025-20188) exploit details are now public! This WLC arbitrary file upload vulnerability could be a big problem. Patch your systems ASAP! More info: [URL] https://t.co/8k4UhaSr9j
@fishpassenger
1 Jun 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical alert: Technical details for CVE-2025-20188, a max-severity Cisco IOS XE WLC file upload flaw, are now public—exploits may follow. Patch ASAP! #Cybersecurity #Cisco #Vulnerability #InfoSec https://t.co/SKUR3QlvGr
@NidaSaharBytes
1 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit details for max severity Cisco IOS XE flaw now public 🔥 Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit! https://t.co/jkIPuLYW1
@SSuiteSoftware
1 Jun 2025
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. #cybersecurity https://t.co/nl4dFOocvr
@cybertzar
1 Jun 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis https://t.co/Uun5oshBpU https://t.co/nCOwpInAbG
@ngnicky
31 May 2025
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
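Technical details of a critical vulnerability (CVE-2025-20188) in the WLC of Cisco IOS XE have been published, and attacks have become a realistic prospect. The problem is that, due to a hard-coded JWT (secret key "notfound") and inadequate path validation, without authentication, arbitrary f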
@yousukezan
31 May 2025
605 Impressions
0 Retweets
0 Likes
2 Bookmarks
1 Reply
0 Quotes
A critical Cisco IOS XE flaw (CVE-2025-20188) allows remote attackers to upload files and run commands with root privileges by exploiting a hardcoded JWT fallback secret “notfound” and path traversal in the upload endpoint. ⚠️ #NetworkSecurity #CiscoVuln https://t.co/Cv6A
@TweetThreatNews
31 May 2025
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco IOS XE WLC flaw (CVE-2025-20188) exposed—exploit incoming. Patch ASAP! ⚠️ #Cybersecurity #Infosec #ZeroDay https://t.co/SKUR3QlvGr
@NidaSaharBytes
31 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco IOS XE vulnerability (CVE-2025-20188) highlights need for cybersecurity vigilance. https://t.co/D5X1jc4e9k
@threatlight
31 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco IOS XE vulnerability (CVE-2025-20188) details are now public - allows unauthenticated attackers to upload malicious files and gain root access. Patch immediately or disable web UI. Similar flaws were widely exploited before. Details: https://t.co/UODNr7urjU
@RedTeamNewsBlog
31 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical information about the maximum-severity Cisco IOS XE flaw, CVE-2025-20188, is now public. This blog post details the arbitrary file upload vulnerability and its implications, paving the way for potential exploits. Stay informed and secure: https://t.co/txomDryaIm
@trubetech
31 May 2025
198 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 Technical details have been published about a high-severity vulnerability in Cisco IOS XE, registered as CVE-2025-20188, which allows arbitrary file upload. This information increases the possibility of developing an exploit
@Cybercachear
31 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Technical details of the CVE-2025-20188 Cisco IOS XE WLC flaw have been released, prompting immediate protective measures for vulnerable users amid potential exploitation risks. #security https://t.co/uJAjQnOkTL
@Strivehawk
31 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Cisco Zero-Day Alert – CVE-2025-20188 A critical flaw in IOS XE WEB UI and WLCs lets attackers run code as root. Affects: 17.9.1 to 17.9.4a | CVSS: 9.8 💡Details in infographics. 🔗 Follow @CSec88 for more such updates. #CyberSecurity #Cisco #ZeroDay #InfoSec
@CSec88
30 May 2025
137 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
A PoC has been published for the critical vulnerability (CVE-2025-20188) in Cisco IOS XE WLC controllers. Attackers can upload files and potentially execute commands as root. https://t.co/ssyDowLeII
@cert_ist
30 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe vulnerability in Cisco’s IOS XE Wireless LAN Controllers (CVE-2025-20188) exposes enterprise networks to full control by remote attackers, thanks to a hard-coded JWT flaw. With a CVSS score of 10.0, the urgency for swift upgrades is critical; failing to act could lead.
@CybrPulse
30 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis https://t.co/Uuq6pfGlDQ https://t.co/e7eUwF0yTf
@Tinolle1955
29 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. https://t.co/XTG5PmnoVh
@Horizon3Attack
29 May 2025
10572 Impressions
45 Retweets
97 Likes
36 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE flaw (CVE-2025-20188) found in Cisco IOS XE Wireless Controllers. CVSS 10.0 – allows unauthenticated remote access & full system takeover. Patch now or disable the vulnerable feature. 🔗 Full advisory: https://t.co/3y71YhZ9YM #CyberSecurity #Cisco http
@sequretek_sqtk
23 May 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
16 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerabilities in Cisco and SonicWall: patch ASAP Both have disclosed critical vulnerabilities in their products that could allow attackers to gain full control over devices. Cisco : (CVE-2025-20188) https://t.co/a2dRulHZ2N via @kaspersky 2/2
@upgradeoptions
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
It earns a ten: critical vulnerability in the Cisco IOS XE Wireless Controller system Cisco recently fixed an extremely severe vulnerability in its IOS XE Wireless Controller software. The flaw, identified as CVE-2025-20188 and carrying a CVSS score of 10, may
@linuxmint_hun
15 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20188: Use of Hard-coded Credentials in Cisco IOS XE, 10.0 rating 🔥🔥🔥 Due to hard-coded JWT, Cisco IOS XE instances may be vulnerable to arbitrary file uploads. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/oYZDXVlEWr #cybersecurity #vulnerabilit
@Netlas_io
12 May 2025
3950 Impressions
10 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
Threat Alert: Cisco Patches 35 Vulnerabilities Across Several Products - #CVE-2025-20188 CVE-2025-20188 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/SHMidmBob5 #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
12 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20188
@transilienceai
10 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco has released software fixes to address a maximum-severity security flaw tracked as CVE-2025-20188 in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. https://t.co/iEXXUXtsGx https://t.co/
@riskigy
10 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes