According to the Horizon3 analysis, a hard-coded JSON Web Token (JWT) is at the root of the exploit. “It’s essential to eradicate hard-coded secrets from authentication workflows, implement sturdy file upload validation and path sanitization, and preserve steady monitoring and patch management throughout all vital systems,” Barne added.
Diffing led to the hard-coded JWT
Tracked as CVE-2025-20188, the flaw, disclosed earlier in May, was revealed to be an issue affecting the Out-of-Band Access Point (AP) Download feature of Cisco IOS XE Software for WLCs. The AP image download interface uses a hard-coded JWT for authentication, which an attacker can use to authenticate requests without valid credentials.
Horizon3 researchers diffed file system contents from ISO images to arrive at the Lua scripts, where notable changes were found. The scripts referenced both JWT tokens and the associated key, indicating their involvement in the vulnerability. The researchers then performed a simple grep search across the source code to determine how and where these Lua scripts were invoked.
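A check in the spirit of the advice above to remove hard-coded secrets: this added example (not Horizon3's or Cisco's code) walks a source tree and reports string literals that actually decode as JWTs, noting whether each carries an expiry claim. The function names, the file-extension list, and the sample tree and token are constructed for illustration.

```python
import base64, json, os, re, tempfile

# Three base64url segments; a JSON object always encodes to a string starting "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*")

def decode_segment(segment):
    """Decode one base64url JWT segment to a dict, or None if it is not JSON."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw)
        return obj if isinstance(obj, dict) else None
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def scan_tree(root, exts=(".lua", ".conf", ".py", ".js")):
    """Return one finding per literal that decodes as a real JWT."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in JWT_RE.finditer(line):
                        header, payload = (decode_segment(s) for s in m.group().split(".")[:2])
                        if not header or "alg" not in header or payload is None:
                            continue  # token-shaped string that does not decode as a JWT
                        findings.append({
                            "file": os.path.relpath(path, root), "line": lineno,
                            "alg": header["alg"],
                            "expires": "exp" in payload,  # no exp claim: token never expires
                        })
    return findings

def demo():
    """Scan a constructed tree holding one constructed token and one decoy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"sub": "demo"}), "c2ln"])
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "scripts"))
        with open(os.path.join(root, "scripts", "upload.lua"), "w") as fh:
            fh.write('-- constructed sample\nlocal token = "%s"\nlocal decoy = "eyJub3RhanNvbg.eyJub3RhanNvbg.x"\n' % token)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Decoding the header before reporting keeps the false-positive rate low enough to run the scan as a pre-release gate over each build's extracted file tree.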