Cisco Fixes CVE-2025-20188 vulnerability in Cisco IOS XE Allowing Root Access via JWT
Cisco has released a patch for CVE-2025-20188, a critical vulnerability (CVSS 10.0) in IOS XE Wireless Controller software. The flaw allows unauthenticated remote attackers to upload arbitrary files and execute commands with root-level privileges. The root cause is a hard-coded JSON Web Token (JWT) embedded in affected systems. Attackers can exploit this by sending crafted …
Cisco Fixes CVE-2025-20188 vulnerability in Cisco IOS XE Allowing Root Access via JWT Read More »