Description

A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

INFO

Published Date :

2025-05-07T17:34:54.487Z

Last Modified :

2025-05-07T19:45:20.972Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20190 vulnerability.

Vendors Products
Cisco
  • Catalyst 9105axi
  • Catalyst 9115axe
  • Catalyst 9115axi
  • Catalyst 9117axi
  • Catalyst 9120axe
  • Catalyst 9120axi
  • Catalyst 9120axp
  • Catalyst 9130axe
  • Catalyst 9130axi
  • Catalyst 9800-40
  • Catalyst 9800-80
  • Catalyst 9800-cl Wireless Controllers For Cloud
  • Catalyst 9800-l
  • Catalyst Cw9800h1
  • Catalyst Cw9800h2
  • Catalyst Cw9800m
  • Ios Xe
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20190.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact