π¨
SEVERITY: CRITICAL β CVSS 10.0
Security Advisory
TL;DR π
- A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) onβ¦
- No fixed release listed yet; apply mitigations and monitor.
- Workarounds are documented in the advisory.
- CVEs: CVE-2025-20188.
What happened π΅οΈββοΈ
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.