Cisco Releases May 2025 IOS XE Software Security Advisory Bundled Publication

Bundled publication contains 20 security advisories, including one critical vulnerability

Threat ID:: CC-4652
Threat Severity:: Medium
Published:: 8 May 2025 1:56 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Bundled publication contains 20 security advisories, including one critical vulnerability

Affected platforms

The following platforms are known to be affected:

Cisco IOS XE

Cisco IOS

Cisco IOS XR

The following platforms are also known to be affected:

Additional Cisco products are affected; please see individual advisories listed in the bundled publication.

Threat details

Proof-of-concept exploit released for CVE-2025-20188

Security researchers have published a public proof-of-concept exploit for CVE-2025-20188. The NHS England National CSOC assesses exploitation of this vulnerability as more likely.

Introduction

Cisco has released 20 security advisories that describe 26 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco IOS (internetwork operating system) is the operating system used on Networking devices. Cisco IOS XE is a modular version of that operating system, used on newer enterprise networking devices.

Cisco has released software updates that address these vulnerabilities. One critical and two high severity vulnerabilities are highlighted below.

Vulnerability Details

CVE-2025-20188 has a CVSSv3 score of 10.0 and is within the out-of-band access point download feature. If successfully exploited, a remote unauthenticated attacker could upload arbitrary files to an affected system.
CVE-2025-20186 has a CVSSv3 score of 8.8 and is within the web-based management interface of the wireless LAN controller feature. If successfully exploited, a remote, authenticated attacker could perform command injection. The attacker must have access to a lobby ambassador user account.
CVE-2025-20164 has a CVSSv3 score of 8.3 and is in the Cisco industrial ethernet switch device manager. If successfully exploited, a remote, authenticated attacker could elevate privileges. The attacker must have valid credentials for a user account with privilege level 5 or higher.

Cisco's May 2025 IOS XE Software Security Advisory Bundled Publication describes a further 23 vulnerabilities in 17 advisories, comprising 10 high and 7 medium security impact ratings.

Threat updates

Date	Update
30 May 2025	Proof-of-concept exploit released for CVE-2025-20188

Remediation advice

Affected organisations are encouraged to review Cisco's May 2025 IOS XE Software Security Advisory Bundled Publication and apply the relevant updates as soon as practicable.

The security advisories below relate to the previous highlighted vulnerabilities.

Remediation steps

Type	Step
Patch	Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability \| cisco-sa-wlc-file-uplpd-rHZG9UfC https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Patch	Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability \| cisco-sa-webui-cmdinj-gVn3OKNC https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC
Patch	Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability \| cisco-sa-ios-http-privesc-wCRd5e3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

CVE Vulnerabilities

Status Published

CVE-2025-20188

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.

Status Published

CVE-2025-20186

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

Status Published

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

Last edited: 30 May 2025 10:42 am