Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC have been made public.
An unauthenticated, remote attacker could exploit the flaw to upload arbitrary files, perform path traversal, and execute arbitrary commands with root privileges.
The vulnerability impacts various Cisco products such as Catalyst 9800 Series Wireless Controllers and Embedded Wireless Controller on Catalyst APs.
No workaround exists; as a mitigation while awaiting a fix, users are urged to disable the Out-of-Band AP Image Download feature.