Cisco addressed a critical flaw in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files.
The vulnerability, tracked as CVE-2025-20188 with a CVSS score of 10, can be exploited by sending crafted HTTPS requests to the AP image download interface.
Successful exploitation could give the attacker root access and the ability to execute arbitrary commands on the vulnerable system.
To mitigate the vulnerability, Cisco recommends disabling the Out-of-Band AP Image Download feature until software updates are applied.
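
A defender-side check for the mitigation above, added here as an example and not taken from Cisco or the original page: it scans saved running-config backups and lists the controllers that still have Out-of-Band AP Image Download turned on. It assumes the feature appears in the running configuration as the global line `ap upgrade method https`; the file names, hostnames and config excerpts are constructed.

```python
import re

# Constructed running-config excerpts (not real devices).
SAMPLE_CONFIGS = {
    "wlc-a.cfg": "hostname WLC-A\n!\nap upgrade method https\n!\nend\n",
    "wlc-b.cfg": "hostname WLC-B\n!\nno ap upgrade method https\n!\nend\n",
    "wlc-c.cfg": ("hostname WLC-C\n!\ninterface Vlan10\n"
                  " description ap upgrade method https lab\n!\nend\n"),
}

# Assumption: the feature is enabled by this exact global (unindented) line.
FEATURE_RE = re.compile(r"^ap\s+upgrade\s+method\s+https\s*$")
HOSTNAME_RE = re.compile(r"^hostname\s+(\S+)")


def audit_config(text):
    """Return (hostname, feature_enabled) for one running-config dump."""
    hostname, enabled = None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        match = HOSTNAME_RE.match(line)
        if match:
            hostname = match.group(1)
        # Anchoring at column 0 skips negated "no ap upgrade ..." lines and
        # indented text such as interface descriptions that quote the command.
        if FEATURE_RE.match(line):
            enabled = True
    return hostname, enabled


def audit_fleet(configs):
    """Return sorted names of devices that still have the feature enabled."""
    flagged = []
    for filename, text in configs.items():
        hostname, enabled = audit_config(text)
        if enabled:
            # Fall back to the file name when the dump has no hostname line.
            flagged.append(hostname or filename)
    return sorted(flagged)


if __name__ == "__main__":
    for device in audit_fleet(SAMPLE_CONFIGS):
        print(f"{device}: Out-of-Band AP Image Download enabled, disable or patch")
```
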