- Apple Mail freezing after updating to iOS 18.5? Here's a fix you can try
- Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks
- How to clear your iPhone cache for a quick and easy performance boost
- 5 things I always consider before buying an air purifier - after testing many
- From Design to Impact: Circular design across Cisco’s product life cycle
Cisco Wireless LAN Controllers under threat again after critical exploit details go public
According to the Horizon3 analysis, a hard-coded JSON Web Token (JWT) is at the root of the exploit. “It’s crucial to eliminate hard-coded secrets from authentication workflows, enforce robust file upload validation and path sanitization, and maintain continuous monitoring and patch management across all critical systems,” Barne added.
Diffing allowed locating hard-coded JWT
Tracked as CVE-2025-20188, the flaw disclosed earlier in May was revealed to be an issue affecting the Out-of-Band Access Point (AP) Download feature of Cisco IOS XE Software for WLCs. The AP image download interface uses a hard-coded JWT for authentication, which an attacker can use to authenticate requests without valid credentials.
Horizon3 researchers diffed file system contents from ISO images to arrive at the Lua scripts, where notable changes were found. The scripts referenced both JWT tokens and the associated key, indicating their involvement in the vulnerability. The researchers then performed a simple grep search across the source code to determine how and where these Lua scripts were invoked.
