5 matches found
The Ongoing Risks of Hardcoded JWT Keys
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers WLCs. The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible syste...
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188 , has been rated 10.0 on the CVSS...
CVE-2025-20188
creationtimestamp| type| source ---|---|--- 2025-05-07 18:41:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lom2f62b632p 2025-05-08 02:43:45+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3lomvcpjlfc2z 2025-05-08 02:57:00+00:00| seen|...
CVE-2025-20188
A vulnerability in the Out-of-Band Access Point AP Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Th...
CVE-2025-20188
A vulnerability in the Out-of-Band Access Point AP Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Th...