Use of hard-coded credentials in Cisco Systems, Inc products - CVE-2025-20188

 


Published: May 7, 2025


Vulnerability identifier: #VU108779
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2025-20188
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Embedded Wireless Controller
Catalyst 9800 Series Wireless Controllers
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows a remote attacker to gain full access to a vulnerable system.

The vulnerability exists due to the presence of a hard-coded JSON Web Token (JWT) within the Out-of-Band AP Image Download feature. A remote unauthenticated attacker can send specially crafted HTTPS requests to the AP image download interface and upload arbitrary files to the system. 

Successful exploitation of the vulnerability may result in full system compromise.
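
Why a credential shipped inside the image gives no real authentication, shown as an added illustration of CWE-798 with JWTs (this is not Cisco's code and not taken from the advisory). The key value, the `scope` claim and the `upload_allowed` gate are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT over `claims`."""
    head = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64u(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64u(mac)}"

def verify(token: str, key: bytes, now=None):
    """Return the claims if algorithm, signature and expiry are valid, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64u_dec(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64u_dec(sig)):
            return None
        claims = json.loads(_b64u_dec(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError, TypeError):
        return None
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # a token without a valid expiry never stops working
    return claims

# Weak pattern (CWE-798): one constant compiled into every image. Constructed value.
SHIPPED_KEY = b"constructed-placeholder-not-a-real-secret"

def provision_key() -> bytes:
    """Hardened pattern: random key generated on the device at first boot."""
    return secrets.token_bytes(32)

def upload_allowed(token: str, device_key: bytes, now=None) -> bool:
    """Gate for a hypothetical image-upload endpoint."""
    claims = verify(token, device_key, now)
    return claims is not None and claims.get("scope") == "ap-image"
```

With `SHIPPED_KEY`, a token minted anywhere passes the gate on every installation; with `provision_key()`, a token is only valid on the device whose key signed it, and only until `exp`.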


How to mitigate CVE-2025-20188

Install updates from the vendor's website.

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XE Software for WLCs and have the Out-of-Band AP Image Download feature enabled:

  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst APs


Sources