Home Cisco CVE-2025-20188
Back to Cisco

CVE-2025-20188

Cisco IOS XE - Wireless LAN Controllers

Cisco CVSS 10 Updated March 16, 2026

Executive Risk Summary

"A vulnerability in Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system, potentially leading to code execution with root privileges. This is due to a hard-coded JSON Web Token (JWT) that can be exploited via crafted HTTPS requests to the AP file upload interface."

Operational Audit Arsenal

Target Type Firmware Image
Target Asset Cisco IOS XE Image
Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Cisco). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Network connectivity may be interrupted during the update process

Internal Work Notes

CVE-2025-20188: Unauthenticated arbitrary file upload vulnerability in Cisco IOS XE Wireless LAN Controllers, potentially allowing code execution with root privileges. Verify version and apply patch according to Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC)

Intelligence Sources

Official Advisoryhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Official Advisoryhttps://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

Related Cisco Threats

CVE-2026-20079 CVSS 10

Secure Firewall Management Center (FMC) Software
CVE-2026-20127 CVSS 10

Catalyst SD-WAN Controller - Peering Authentication
CVE-2025-20281 CVSS 10

Cisco ISE - API

Scope of Impact

Cisco Ios Xe (Version 17.12.3)Cisco Ios Xe (Version 17.11.99sw)Cisco Ios Xe (Version 17.13.1)Cisco Ios Xe (Version 17.14.1)Cisco Ios Xe (Version 17.12.1)Cisco Ios Xe (Version 17.12.2)Cisco Ios Xe (Version 17.11.1)

Original NVD Description

"A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges."

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.