CVE-2025-20190: Auth Remote Deletion via Cisco IOS XE WLC Lobby Ambassador API
CVE-2025-20190 Published on May 7, 2025
A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.
Vulnerability Analysis
CVE-2025-20190 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-20190 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-20190
Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.
Affected Versions
Cisco IOS XE Software:- Version 17.6.8 is affected.
- Version 17.9.6 is affected.
- Version 17.9.6a is affected.
- Version 17.12.1z2 is affected.
- Version 17.12.1z3 is affected.
- Version 17.15.1 is affected.
- Version 17.15.1x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.