Exploit details for max severity Cisco IOS XE flaw now public

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit.

The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill in the missing pieces.

Given the immediate risk of weaponization and widespread use in attacks, it is recommended that impacted users take action now to protect their endpoints.

The Cisco IOS XE WLC flaw

Cisco disclosed the critical flaw in IOS XE Software for Wireless LAN Controllers on May 7, 2025, which allows an attacker to take over devices.

The vendor said it is caused by a hard-coded JSON Web Token (JWT) that allows an unauthenticated, remote attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

The bulletin noted that CVE-2025-20188 is only dangerous when the ‘Out-of-Band AP Image Download’ feature is enabled on the device, in which case, the following device models are at risk:

• Catalyst 9800-CL Wireless Controllers for Cloud
• Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
• Catalyst 9800 Series Wireless Controllers
• Embedded Wireless Controller on Catalyst APs

Horizon3’s attack example

Horizon3’s analysis shows that the flaw exists due to a hardcoded JWT fallback secret (“notfound”) used by the backend Lua scripts for upload endpoints combined with insufficient path validation.

Specifically, the backend uses OpenResty (Lua + Nginx) scripts to validate JWT tokens and handle file uploads, but if the ‘/tmp/nginx_jwt_key’ file is missing, the script falls back to the string “notfound” as the secret to verify JWTs.

This basically allows attackers to generate valid tokens without knowing any secrets by simply using ‘HS256’ and ‘notfound.’

Horizon3’s example sends an HTTP POST request with a file upload to the ‘/ap_spec_rec/upload/’ endpoint via port 8443 and uses filename path traversal to drop an innocuous file (foo.txt) outside the intended directory.

To escalate the file upload flaw to remote code execution, the attacker could overwrite configuration files loaded by backend services, drop web shells, or abuse monitored files to trigger unauthorized actions.

Horizon3’s example abuses the ‘pvp.sh’ service that monitors specific directories, overwrites the config files it depends on, and triggers a reload even to run attacker commands.

Given the elevated risk of exploitation, users are recommended to upgrade to a patched version (17.12.04 or newer) as soon as possible.

As a temporary workaround, admins can turn off the Out-of-Band AP Image Download feature to close the vulnerable service.

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

Read the Red Report 2025