10

CVE-2025-20188

Media report

Exploit

EPSS 3.11%
Published 07.05.2025 17:34:36
Last modified 23.06.2025 15:15:11
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.

 This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system.  An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version17.11.1

Cisco ≫ Ios Xe Version17.11.99sw

Cisco ≫ Ios Xe Version17.12.1

Cisco ≫ Ios Xe Version17.12.2

Cisco ≫ Ios Xe Version17.12.3

Cisco ≫ Ios Xe Version17.13.1

Cisco ≫ Ios Xe Version17.14.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.11%	0.863

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@cisco.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.heise.de/news/Sicherheitsupdates-Root-und-DoS-Attacken-auf-Cisco-Produkte-moeglich-10375924.html

Medienbericht

heise Security

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC

Vendor Advisory

https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-20188

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20188

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20188

EUVD