
A critical vulnerability in Cisco IOS XE Wireless LAN Controller software is raising alarms over the risk of remote code execution (RCE). Tracked as CVE-2025-20188, the flaw stems from an unauthenticated arbitrary file upload vulnerability caused by a hardcoded JSON Web Token secret.
Researchers at Horizon3 detailed the vulnerability affecting versions 17.12.03 and earlier, warning that skilled attackers—or AI models—could chain the flaw to achieve full system compromise. The exploit targets Cisco’s widely deployed Catalyst 9800 series controllers, used by enterprises, government bodies, and large venues globally.
Through reverse-engineering, researchers found attackers could exploit endpoints like /aparchive/upload to achieve path traversal and upload malicious files. Further, they uncovered how the system’s process manager pvp.sh can be manipulated to execute arbitrary commands.
While Cisco has released patches in version 17.12.04, it advises disabling the vulnerable Out-of-Band AP Image Download feature as an immediate mitigation. With the technical details now public, security experts warn that the threshold for building real-world exploits has dramatically lowered.
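To act on the patch and mitigation guidance above, the following added example (not code from Cisco or Horizon3) triages a controller inventory by release and by whether the Out-of-Band AP Image Download feature is on. It assumes that the running-config line `ap upgrade method https` indicates the feature is enabled and that any release at or above 17.12.04 is patched, which is all the article states; the inventory, hostnames and status labels are constructed.

```python
import re

FIXED = (17, 12, 4)  # release the article names as patched
# Assumption: running-config line that enables Out-of-Band AP Image Download.
FEATURE_LINE = "ap upgrade method https"

def parse_version(text):
    """'17.12.03' or '17.12.4a' -> (17, 12, 3) / (17, 12, 4)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)[a-z]?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def feature_enabled(running_config):
    """True if the feature line appears as a whole config line."""
    return any(l.strip() == FEATURE_LINE for l in running_config.splitlines())

def triage(device):
    """Classify one controller: patched, exposed, upgrade or review."""
    try:
        version = parse_version(device["version"])
    except ValueError:
        return "review"      # version unreadable: check by hand
    if version >= FIXED:
        return "patched"
    if feature_enabled(device["config"]):
        return "exposed"     # affected release and feature on: act first
    return "upgrade"         # affected release, feature off: still patch

# Constructed inventory (hostnames and configs are made up).
INVENTORY = [
    {"host": "wlc-hq", "version": "17.12.03", "config": "hostname wlc-hq\nap upgrade method https\n"},
    {"host": "wlc-lab", "version": "17.9.5", "config": "hostname wlc-lab\n"},
    {"host": "wlc-dc", "version": "17.12.04", "config": "hostname wlc-dc\nap upgrade method https\n"},
    {"host": "wlc-old", "version": "unknown", "config": ""},
]

def triage_inventory(inventory):
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:8} {status}")
```

Controllers reported as "exposed" are the ones where disabling the feature is the immediate step while the upgrade is scheduled.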