Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit.
The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill in the missing pieces.
Given the immediate risk of weaponization and widespread use in attacks, it is recommended that impacted users take action now to protect their endpoints.
The Cisco IOS XE WLC flaw Cisco disclosed the critical flaw in IOS XE Software for Wireless LAN Controllers on May 7, 2025, which allows an attacker to take over devices.
The vendor said it is caused by a hard-coded JSON Web Token (JWT) that allows an unauthenticated, remote attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.
The bulletin noted that CVE-2025-20188 is only dangerous when the ‘Out-of-Band AP Image Download’ feature is enabled on the device, in which case, the following device models are at risk: Catalyst 9800-CL Wireless Controllers for Cloud Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Embedded Wireless Controller on Catalyst APs Horizon3’s attack example Horizon3’s analysis shows that the flaw exists due to a hardcoded JWT fallback secret (“notfound”) used by the backend Lua scripts for upload endpoints combined with insufficient path validation.
Contact us : 0915579536
Or on the website digitalonion.ly
Visit us at our company address: Tripoli – Andalus Street – Next to the Iraqi Embassy.
Leave a Reply