Cisco Flaw Lets Hackers Seize Wireless Controllers

Cisco Systems Inc. has disclosed a critical vulnerability in its IOS XE Wireless LAN Controllers that could let remote attackers take full control of affected devices without authentication. Tracked as CVE-2025-20188, the flaw carries a maximum CVSS severity score of 10.0 and stems from a hard-coded JSON Web Token in the Out-of-Band Access Point Image Download feature.

According to a May 7 advisory, attackers can exploit the bug by sending crafted HTTPS requests to the AP image download interface, enabling arbitrary file uploads, directory traversal, and command execution with root privileges.

Impacted products include Catalyst 9800-CL, 9800 Series Wireless Controllers, and embedded controllers on Catalyst APs and switches. Cisco has released software updates and recommends immediate patching. No workarounds exist, though disabling the vulnerable feature can serve as a temporary mitigation. The flaw was found internally by Cisco’s Advanced Security Initiatives Group. No exploitation in the wild has been reported as of publication.