Critical Cisco IOS XE Vulnerability Exposes Devices to Remote Attacks
BleepingComputer
|
Contributed by: Drex DeFord
Summary
A critical vulnerability in Cisco's IOS XE software, known as CVE-2025-20188, has been disclosed, raising security concerns. This flaw enables unauthorized remote attackers to upload files and execute commands, particularly when the 'Out-of-Band AP Image Download' feature is active. Identified through hard-coded JSON Web Token issues and insufficient path validation, the vulnerability affects various Catalyst 9800 series wireless controllers. Researchers from Horizon3 demonstrated how attackers could exploit the flaw to bypass authentication and execute code remotely, potentially compromising device security.