Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files to a vulnerable system.
The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system.
“This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system,” the company said in a Wednesday advisory.
“An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.”
That said, for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It's disabled by default.
The following products are affected, if they have a vulnerable release running and have the Out-of-Band AP Image Download feature turned on:
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst APs
While updating to the latest version is the best course of action, as temporary mitigations, users can disable the feature until an upgrade can be performed.
“With this feature disabled, AP image download will use the CAPWAP method for the AP image update feature, and this does not impact the AP client state,” Cisco added.
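
To find controllers that still have the feature turned on, saved running-configs can be audited offline. The script below is an added example, not code from Cisco or from the original article. It assumes, following the configuration check described in Cisco's advisory, that an active `ap upgrade method https` line in the running-config means the Out-of-Band AP Image Download feature is enabled; the hostnames and config excerpts are constructed samples.

```python
import re

# Assumption: an active "ap upgrade method https" line in the running-config
# indicates the Out-of-Band AP Image Download feature is enabled.
FEATURE_LINE = re.compile(r"^\s*ap\s+upgrade\s+method\s+https\s*$", re.IGNORECASE)

# Constructed sample running-config excerpts keyed by hypothetical hostname.
SAMPLE_CONFIGS = {
    "wlc-lab-01": "hostname wlc-lab-01\nap upgrade method https\nip http secure-server\n",
    "wlc-lab-02": "hostname wlc-lab-02\nip http secure-server\n",
    "wlc-lab-03": "hostname wlc-lab-03\n! ap upgrade method https\nno ap upgrade method https\n",
}


def oob_image_download_enabled(config_text):
    """Return True if the config contains an active feature line.

    Comment lines (starting with "!") and negated ("no ...") forms are
    not treated as enabling the feature.
    """
    for line in config_text.splitlines():
        if line.lstrip().startswith("!"):
            continue  # IOS-style comment or separator line
        if FEATURE_LINE.match(line):
            return True
    return False


def audit(configs):
    """Return the sorted hostnames whose config has the feature enabled."""
    return sorted(host for host, text in configs.items()
                  if oob_image_download_enabled(text))


if __name__ == "__main__":
    for host in audit(SAMPLE_CONFIGS):
        print(f"{host}: feature enabled; disable it or upgrade to a fixed release")
```

A match only shows that the feature is on; whether the device is exposed also depends on it running a vulnerable release.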
The networking equipment major credited X.B. of the Cisco Advanced Security Initiatives Group (ASIG) for discovering and reporting the bug during internal security testing. There is no evidence that the vulnerability has been maliciously exploited in the wild.