ET EXPLOIT Cisco IOS XE WLC Arbitrary File Upload Attempt (CVE-2025-20188)

SID: 2062916Rev: 131 views

Sourceet/open

CreatedJune 12, 2025

UpdatedJune 12, 2025

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Cisco IOS XE WLC Arbitrary File Upload Attempt (CVE-2025-20188)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/upload/"; fast_pattern; http.cookie; content:"jwt="; content:"."; base64_decode:offset 0,relative; base64_data; content:"cdb_token_request_id1"; reference:url,horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/; reference:cve,2025-20188; classtype:attempted-admin; sid:2062916; rev:1; metadata:affected_product Cisco_IOS, attack_target Networking_Equipment, created_at 2025_06_12, cve CVE_2025_20188, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2025_06_12; target:dest_ip;)

References

url	horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/
cve	2025-20188

Metadata

affected productCisco_IOS

attack targetNetworking_Equipment

created at2025_06_12

cveCVE-2025-20188

deploymentInternal

performance impactModerate

confidenceMedium

signature severityMajor

updated at2025_06_12

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!