
Cisco recently disclosed a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLC), which has come to the fore again after the public release of technical exploit details. It is tracked as CVE-2025-20188 and allows arbitrary file upload, potentially leading to complete system compromise. If you have an affected device, treat this as a high-priority issue.
The vulnerability was initially disclosed by Cisco on 7 May 2025, with a CVSS severity score of 10.0 (the highest level of risk). Security firm Horizon3 has since published an in-depth analysis, including a working exploit path, significantly increasing the likelihood of real-world attacks.
It was established that the backend Lua scripts used for upload endpoints rely on a hardcoded JWT secret (“notfound”) when verifying tokens. Attackers can exploit this by generating valid tokens using the HS256 algorithm with the known fallback secret, bypassing authentication. Once authenticated, attackers could send an HTTP POST request to port 8443, uploading files to unintended locations via path traversal techniques.
Such activities can result in full remote code execution, allowing attackers to take control of the device, maintain persistence, and potentially pivot to other parts of the network.
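For defenders reviewing captured traffic or proxy logs, the following added example (not from Cisco or Horizon3) flags any JWT whose HS256 signature validates under the fallback secret described above. The log line layout, function names and sample tokens are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, re

FALLBACK_SECRET = b"notfound"  # hardcoded fallback secret named in the analysis
JWT_RE = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")  # three base64url segments

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256_sig(signing_input, key):
    """HMAC-SHA256 that a verifier computes over 'header.payload'."""
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def signed_with_fallback(token):
    """True if the token is HS256 and validates under the fallback secret."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return False  # malformed token: not a match
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hs256_sig(f"{header_b64}.{payload_b64}", FALLBACK_SECRET)
    return hmac.compare_digest(sig, expected)

def scan(lines):
    """Return (line_number, token) for each token signed with the fallback secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in JWT_RE.findall(line):
            if signed_with_fallback(tok):
                hits.append((n, tok))
    return hits

if __name__ == "__main__":
    # Constructed fixture: a token with a placeholder payload, signed the way
    # the verifier would accept it, so the detector has a positive sample.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    head = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = enc(json.dumps({"note": "constructed sample"}).encode())
    flagged = f"{head}.{body}." + enc(hs256_sig(f"{head}.{body}", FALLBACK_SECRET))
    # Constructed negative sample: the well-known jwt.io demo token (different key).
    benign = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
              "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
    sample_log = [f"10.0.0.5 GET /status token={benign}",      # constructed line
                  f"10.0.0.9 POST /upload token={flagged}"]    # constructed line
    for n, tok in scan(sample_log):
        print(f"line {n}: token validates under fallback secret: {tok[:24]}...")
```

A hit means the token could only have been accepted because the fallback secret was in use, so the source address and any files written around that time warrant investigation.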
The vulnerability specifically affects systems running Cisco IOS XE Software for Wireless LAN Controllers. Organisations with public-facing or internet-exposed management interfaces are particularly at risk, especially if patches have not yet been applied.
To help mitigate the risks, consider the following:
While this vulnerability is technical in nature, the steps to defend against it are clear and should be acted upon. The warnings from Cisco and other experts should be treated as a trigger to act.