Details on a wireless LAN controller (WLC) of 10.0 Cisco iOS Xe Cisco corrected on May 7 have been made public, bringing the industry together with a work feat and encouraging the security pros to say to the teams to patcher immediately. “This is a removal of everything and corrects ” said Casey Ellis, founder of Bugcrowd.” Waiting is not an option. ” May 29 blog By horizon3.Ai the researchers do not include proof of complete concept (POC), it offers enough clues for a qualified threat actor or even an armed attacker of a large language model (LLM) to embellish the script and launch attacks. CVE-20225-20188 – is a bug in the Cisco iOS Xe software caused by a hard -coded authentication token used. This causes a security risk because identification information is often left in raw text, which makes them vulnerable to attackers. “The bug allows attackers to carry out paths crossings, download arbitrary files and, ultimately, to execute commands on affected devices,” said Sebre. “The result is a complete control of the device.” Nic Adams, co-founder and CEO of 0rcus, explained that CVE-20125-20188 is a critical bug in the iOS XE software of Cisco for WLCS which derives a jet of web JSON (JWT). The default system uses the “Notfound” channel as Secret JWT, which allows non -authenticated attackers to make valid JWTs and download arbitrary files via / AP_SPEC_REC / Upload / Final point on HTTPS (Port 8443). Scripts, ”said Adams. “Consequently, this leads to the execution of remote code (RCE) with root privileges … which can allow attackers to install malicious software / persistent waste, intercept or reach network traffic, move laterally within the network to compromise additional systems and disturb network operations.” BUGCROWD’s Ellis added that CVE-2025-20188 presents security teachers with an example of a manual of why anti-motives in software security. Ellis said that the use of “notfound” as a Secret JWT for help with the defeat essentially all the purpose of authentication based on tokens. “It’s like locking your front door, but leaving the key under the carpet with a sign that says” the key here “, said Ellis. “The combination of this with a validation of a weak path creates a perfect storm for the attackers to exploit.” Ellis explained that by taking advantage of the predictable rescue secret, attackers can develop valid JWT to circumvent authentication. From there, the defect in downloading arbitrary files allows attackers to plant malware – web shells, modified configurations or other useful charges – on the target system. Ellis added that Cisco iOS XE is widely deployed in business and service service environments, which means that successful exploits could cause significant disruption or compromise for sensitive data. has serious consequences, ”said Ellis. “For security teams, the priority is clear: the corrective immediately. If the fix is not possible, in the short term, implement compensation controls such as the restriction of access to affected termination points, monitoring suspicious file downloads and the deactivation of unnecessary services.”
