A critical security vulnerability in Cisco IOS XE Wireless Controller Software has been identified, allowing attackers to achieve remote code execution with root privileges. The flaw stems from a hard-coded JSON Web Token (JWT) present in the Out-of-Band Access Point (AP) Image Download feature. This vulnerability affects multiple enterprise-grade wireless controller products, including Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controllers, and Catalyst 9800 Series Wireless Controllers. The vulnerability, tracked as CVE-2025-20188, has been assigned the maximum CVSS score of 10.0, highlighting its severe impact on affected systems.
Source: https://cybersecuritynews.com/cisco-ios-xe-vulnerability-poc/
TPRM report: https://scoringcyber.rankiteo.com/company/cisco
{
  "id": "cis719053025",
  "linkid": "cisco",
  "type": "Vulnerability",
  "date": "5/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
    'affected_entities': [
        {
            'industry': 'Networking Equipment',
            'name': 'Cisco',
            'size': 'Large Enterprise',
            'type': 'Technology Company',
        },
    ],
    'attack_vector': 'Remote Code Execution',
    'date_detected': '2025-05-07',
    'date_publicly_disclosed': '2025-05-07',
    'description': 'A critical security vulnerability in Cisco IOS XE Wireless Controller Software allows unauthenticated remote attackers to achieve remote code execution with root privileges.',
    'impact': {
        'systems_affected': [
            'Catalyst 9800-CL Wireless Controllers for Cloud',
            'Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300/9400/9500 Series Switches',
            'Catalyst 9800 Series Wireless Controllers',
            'Embedded Wireless Controller on Catalyst APs',
        ],
    },
    'initial_access_broker': {
        'backdoors_established': "Hard-coded JWT secret 'notfound'",
        'entry_point': '/aparchive/upload and /ap_spec_rec/upload/',
        'high_value_targets': 'Enterprise-grade wireless controllers',
    },
    'lessons_learned': 'Immediate patching and auditing of wireless infrastructure to identify exposed systems.',
    'motivation': 'System Compromise',
    'post_incident_analysis': {
        'corrective_actions': 'Software updates and disabling vulnerable features',
        'root_causes': 'Hard-coded JWT present in the Out-of-Band Access Point (AP) Image Download feature',
    },
    'recommendations': 'Organizations should disable the Out-of-Band AP Image Download feature and apply software updates.',
    'references': [{'date_accessed': '2025-05-07', 'source': 'Cisco Disclosure'}],
    'response': {
        'containment_measures': 'Disable the Out-of-Band AP Image Download feature',
        'remediation_measures': 'Software updates and patches',
    },
    'title': 'Cisco IOS XE Wireless Controller Software Vulnerability',
    'type': 'Software Vulnerability',
    'vulnerability_exploited': 'CVE-2025-20188',
}