Cisco patches maximum-severity vulnerability in IOS XE software


Cisco has patched a maximum-severity (CVSS 10.0) vulnerability in its IOS XE software for wireless LAN controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, could allow a remote, unauthenticated attacker to upload arbitrary files, perform path traversal and execute arbitrary commands with root privileges on affected devices, according to a Cisco security advisory published Wednesday.

The flaw is caused by a hard-coded JSON Web Token (JWT) in the affected software that could allow an attacker to bypass authentication. An attacker in possession of this JWT could then send crafted HTTPS requests to the Out-of-Band Access Point (AP) Image Download interface of Cisco IOS XE software to upload arbitrary files.

The Out-of-Band AP Image Download feature must be enabled for CVE-2025-20188 to be exploitable, and it is not enabled by default, Cisco noted. The feature allows software images and configurations to be downloaded to APs over HTTPS rather than over the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, and is intended for situations where CAPWAP cannot be used. Cisco recommends upgrading to the latest WLC release to fully resolve the vulnerability. Customers can use the Cisco Software Checker to determine whether they are running a vulnerable release and to identify the upgrade needed to fix all vulnerabilities.

Products identified as affected, if running a vulnerable release of IOS XE software with the Out-of-Band AP Image Download feature enabled, are the Catalyst 9800-CL Wireless Controllers for Cloud, the Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 and 9400 Series Switches, the Catalyst 9800 Series Wireless Controllers and the Embedded Wireless Controller on Catalyst APs.

Users can determine whether the Out-of-Band AP Image Download feature is enabled by running the command `show running-config | include ap upgrade`, which returns `ap upgrade method https` if it is enabled. Disabling the feature causes image downloads to occur via the CAPWAP method instead. Because this could affect the ability of some APs to receive updates, Cisco says customers “should not deploy workarounds or mitigations before first assessing their applicability to their own environment and any impact on such an environment.”

Cisco software flaws are among the most targeted by attackers because of their critical role in managing organizational networks. Two older vulnerabilities in Cisco IOS XE, tracked as CVE-2023-20198 and CVE-2023-2027, were recently targeted in attacks on U.S. telecommunications companies by the Chinese state-sponsored hacking group RedMike. CVE-2025-20188 is not believed to have been exploited by attackers in the wild, nor has Cisco reported any exploitation.
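The following is an added example, not code from the article or from Cisco: it applies the advisory's check (the presence of an `ap upgrade method https` line in the running configuration) across a set of saved WLC configurations, so a defender can list which controllers have the Out-of-Band AP Image Download feature enabled and therefore need the upgrade prioritized. The device names and configuration snippets are constructed sample data.

```python
import re

# Constructed sample running-config excerpts from several WLCs (not real device
# output). Only the `ap upgrade method https` line matters for the check; the
# other lines are filler to show that the matcher ignores them.
SAMPLE_CONFIGS = {
    "wlc-dc1": "hostname wlc-dc1\nap upgrade method https\n",
    "wlc-dc2": "hostname wlc-dc2\nwireless management interface Vlan10\n",
    "wlc-branch": "hostname wlc-branch\n  AP UPGRADE METHOD HTTPS  \n",
}

# Match the indicator line on its own, tolerating case and surrounding whitespace.
AP_HTTPS_RE = re.compile(r"^\s*ap\s+upgrade\s+method\s+https\s*$",
                         re.IGNORECASE | re.MULTILINE)


def oob_image_download_enabled(config_text: str) -> bool:
    """True if the config shows the Out-of-Band AP Image Download feature enabled.

    Mirrors `show running-config | include ap upgrade` returning
    `ap upgrade method https`; an absent line means the CAPWAP default.
    """
    return AP_HTTPS_RE.search(config_text) is not None


def triage(configs: dict) -> dict:
    """Map each device name to whether the vulnerable feature is enabled."""
    return {host: oob_image_download_enabled(text) for host, text in configs.items()}


def exposed_devices(configs: dict) -> list:
    """Sorted list of devices where the feature is enabled (upgrade first)."""
    return sorted(host for host, enabled in triage(configs).items() if enabled)


if __name__ == "__main__":
    for host, enabled in triage(SAMPLE_CONFIGS).items():
        print(f"{host}: OOB AP image download {'ENABLED' if enabled else 'disabled'}")
    print("prioritize upgrade on:", exposed_devices(SAMPLE_CONFIGS))
```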
