Security News > 2025 > May > Exploit details for max severity Cisco IOS XE flaw now public

Exploit details for max severity Cisco IOS XE flaw now public

2025-05-31 14:09

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. [...]

News URL

https://www.bleepingcomputer.com/news/security/exploit-details-for-max-severity-cisco-ios-xe-flaw-now-public/

#cisco #exploit #IOS #CVE-2025-20188

Related news

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT (source)
⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
Cisco fixes max severity IOS XE flaw letting attackers hijack devices (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-07	CVE-2025-20188	A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. network low complexity CWE-798 critical	10.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2048	21	1790	1683	288	3782

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.