Cisco Patches Critical Flaw in IOS XE Wireless Controller
Cisco has addressed a critical flaw in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files and potentially gain root access and execute arbitrary commands. The vulnerability, tracked as CVE-2025-20188 (CVSS score 10), was fixed through software updates to the IOS XE Wireless Controller.
The vulnerability is due to a hard-coded JSON Web Token (JWT) on affected systems, which can be exploited by sending crafted HTTPS requests to the AP image download interface. An attacker could upload files, perform path traversal, and execute arbitrary commands with root privileges using this exploit.
Exploitation Requirements
The vulnerability can only be exploited if the Out-of-Band AP Image Download feature is enabled. However, Cisco notes that this feature is disabled by default.
To determine whether a device is affected, run the command `show running-config | include ap upgrade`. If the output contains `ap upgrade method https`, the Out-of-Band AP Image Download feature is enabled. When the feature is disabled, AP image download uses the CAPWAP method instead, which does not impact the AP client state.
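To apply Cisco's check across a fleet rather than one console at a time, the following added script (not from Cisco or the article) parses saved `show running-config` output and flags each controller on which the Out-of-Band AP Image Download feature is enabled. The hostnames and config snippets are constructed, and it assumes, as the advisory states, that a missing `ap upgrade method` line means the default, disabled, state.

```python
import re
from typing import Dict

# Cisco's indicator: a running-config line `ap upgrade method https`
# means Out-of-Band AP Image Download is enabled and the device is exposed.
AP_UPGRADE_RE = re.compile(r"^\s*ap upgrade method\s+(\S+)\s*$", re.IGNORECASE)


def oob_ap_image_download_enabled(running_config: str) -> bool:
    """Return True if the saved `show running-config` text enables the
    Out-of-Band AP Image Download feature (method https).

    Assumption: no `ap upgrade method` line at all is the factory default,
    i.e. the feature is disabled, as Cisco's advisory describes."""
    for line in running_config.splitlines():
        match = AP_UPGRADE_RE.match(line)
        if match and match.group(1).lower() == "https":
            return True
    return False


def audit_configs(configs: Dict[str, str]) -> Dict[str, bool]:
    """Map each hostname to an exposure flag for a batch of saved configs."""
    return {host: oob_ap_image_download_enabled(cfg) for host, cfg in configs.items()}


# Constructed sample configs (hypothetical hostnames, not captured from real devices).
SAMPLE_CONFIGS = {
    "wlc-branch-01": "hostname wlc-branch-01\n!\nap upgrade method https\n!\nend\n",
    "wlc-hq-02": "hostname wlc-hq-02\n!\nap profile default-ap-profile\n!\nend\n",
}

if __name__ == "__main__":
    for host, exposed in audit_configs(SAMPLE_CONFIGS).items():
        status = "OOB AP image download ENABLED: mitigate or patch" if exposed else "feature disabled"
        print(f"{host}: {status}")
```

Feed it the configs your backup tooling already collects; any host flagged True should be patched, or have the feature disabled after you have assessed the impact on AP upgrades.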
Mitigation and Workaround
Cisco states that there is no workaround for this vulnerability, but it can be mitigated by disabling the Out-of-Band AP Image Download feature. The company recommends disabling this feature until the fix is applied, while advising customers to assess the impact on their environment before doing so.
Current Status
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any attacks in the wild exploiting this vulnerability at this time.
As always, we recommend that our followers stay vigilant and keep an eye out for updates on the latest security patches and vulnerabilities. Follow us on Twitter (@securityaffairs), Facebook, and Mastodon for the latest news and information on cybersecurity and security patches.