CVE-2025-20188 - Geek Feed

Exploit details for max severity Cisco IOS XE flaw now public

June 2, 2025June 2, 2025 geekfeed0Tagged cisco, Cisco IOS, CVE-2025-20188, exploit, File Upload, rce, RCE exploit script, Remote Code Execution, vulnerability

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or […]

2 mins read

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

May 12, 2025May 12, 2025 geekfeed0Tagged Authentication Bypass, cisco, CVE-2025-20188, Hardcoded Password, JWT, Token, vulnerability

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called ‘Out-of-Band AP Image Download.’ Since it’s hard-coded, anyone can impersonate an authorized user […]

2 mins read