Based on the Horizon3 evaluation, a hard-coded JSON Internet Token (JWT) is on the root of the exploit. “It’s essential to eradicate hard-coded secrets and techniques from authentication workflows, implement sturdy file add validation and path sanitization, and keep steady monitoring and patch administration throughout all important programs,” Barne added.
Diffing allowed finding hard-coded JWT
Tracked as CVE-2025-20188, the flaw disclosed earlier in Could was revealed to be a difficulty affecting the Out-of-Band Entry Level (AP) Obtain characteristic of Cisco IOS XE Software program for WLCs. The AP picture obtain interface makes use of a hard-coded JWT for authentication, which an attacker can use to authenticate requests with out legitimate credentials.
Horizon3 researchers diffed file system contents from ISO photos to reach on the Lua scripts, the place notable modifications have been discovered. The scripts referenced each JWT tokens and the related key, indicating their involvement within the vulnerability. The researchers then carried out a easy grep search throughout the supply code to find out how and the place these Lua scripts have been invoked.
