PT-2025-20260 · Cisco · Cisco IOS XE
X.B
Published: 2025-05-07 · Updated: 2026-01-10 · CVE-2025-20188
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
  Cisco IOS XE Software for Wireless LAN Controllers (WLCs), versions prior to 17.12.04
  Catalyst 9800-CL Wireless Controllers for Cloud, versions prior to 17.12.04
  Catalyst 9800 Embedded Wireless Controller for 9300, 9400, and 9500 Series Switches, versions prior to 17.12.04
  Catalyst 9800 Series Wireless Controllers, versions prior to 17.12.04
  Embedded Wireless Controller on Catalyst APs, versions prior to 17.12.04
Description
A critical vulnerability exists in Cisco IOS XE Software for Wireless LAN Controllers (WLCs) due to a hard-coded JSON Web Token (JWT). Because the hard-coded JWT lets requests bypass authentication, an unauthenticated, remote attacker can upload arbitrary files to an affected system by sending crafted HTTPS requests to the Out-of-Band AP Image Download feature. Successful exploitation can lead to path traversal and arbitrary command execution with root privileges. The vulnerability is exploitable only if the Out-of-Band AP Image Download feature is enabled. It is actively exploited and has been used by the Salt Typhoon group. Around 900 or more systems have been found to be vulnerable.
Recommendations
Apply the software update to version 17.12.04 or later. As a temporary workaround, disable the Out-of-Band AP Image Download feature.

Tags: Exploit · Fix · RCE

Weakness Enumeration
Using Hardcoded Credentials

Related Identifiers

BDU:2025-05297
CVE-2025-20188

Affected Products

Cisco IOS XE