SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Technical Details Published for Critical Cisco IOS XE Vulnerability

The critical flaw, tracked as CVE-2025-20188 (CVSS score of 10/10), allows attackers to execute arbitrary code remotely.

Technical details have been released for a recently patched critical-severity vulnerability in Cisco IOS XE that could be exploited for remote code execution (RCE).

Tracked as CVE-2025-20188 (CVSS score of 10/10), the bug is described as an arbitrary file upload that exists because of a hardcoded JSON Web Token (JWT).

Cisco announced fixes for the security defect on May 7, explaining that attackers could exploit it remotely, without authentication, by sending crafted HTTPS requests to the Out-of-Band Access Point (AP) image download interface of a vulnerable system.

Successful exploitation of the issue could allow attackers to perform path traversal, upload arbitrary files, and execute commands with root privileges, Cisco said, underlining that only systems with the Out-of-Band AP image download feature enabled are vulnerable.

The bug affects Catalyst 9800 series wireless controllers, Catalyst 9800-CL wireless controllers for cloud, the Catalyst 9800 embedded wireless controller for 9300, 9400, and 9500 series switches, and the embedded wireless controller for Catalyst APs, the company said.

Last week, Horizon3.ai published a technical analysis of the vulnerability, explaining that the vulnerable feature runs as a separate service on port 8443.

Advertisement. Scroll to continue reading.

Horizon3.ai discovered that an attacker could achieve RCE by overwriting an existing configuration file with their own commands and then uploading a new file to a specific directory that would trigger a service restart.

 “After digging through those services, we discovered an internal process management service (pvp.sh) that waits for files to be written to a specific directory. Once a change is detected, it can trigger a service reload based on the commands specified in the service’s config file,” the security firm explains.

Users are advised to upgrade to a patched Cisco IOS XE software release or disable the Out-of-Band AP image download feature if the upgrade cannot be performed.

Related: Veeam Patches Critical Vulnerability in Backup & Replication

Related: ChatGPT Tool Vulnerability Exploited Against US Government Organizations

Related: Critical OpenPGP.js Vulnerability Allows Spoofing

Related: Code Execution Flaw Found in Nuclei Vulnerability Scanner

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Anti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors.

ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer.

Thomas Bain has been appointed Chief Marketing Officer at Silent Push.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.