CVE-2025-20190 - Vulnerability Details

A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Catalyst 9105axi Catalyst 9115axe Catalyst 9115axi Catalyst 9117axi Catalyst 9120axe Catalyst 9120axi Catalyst 9120axp Catalyst 9130axe Catalyst 9130axi Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Wireless Controllers For Cloud Catalyst 9800-l Catalyst Cw9800h1 Catalyst Cw9800h2 Catalyst Cw9800m Ios Xe

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xe:17.6.8:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.6:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.6a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.12.1z2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.12.1z3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.15.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.15.1x:::::::*

OR	cpe:2.3:a:cisco:catalyst_9800-cl_wireless_controllers_for_cloud::::::::
	cpe:2.3:h:cisco:catalyst_9105axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axp:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_cw9800h1:-:::::::*
	cpe:2.3:h:cisco:catalyst_cw9800h2:-:::::::*
	cpe:2.3:h:cisco:catalyst_cw9800m:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj

History

Thu, 31 Jul 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco catalyst 9105axi Cisco catalyst 9115axe Cisco catalyst 9115axi Cisco catalyst 9117axi Cisco catalyst 9120axe Cisco catalyst 9120axi Cisco catalyst 9120axp Cisco catalyst 9130axe Cisco catalyst 9130axi Cisco catalyst 9800-40 Cisco catalyst 9800-80 Cisco catalyst 9800-cl Wireless Controllers For Cloud Cisco catalyst 9800-l Cisco catalyst Cw9800h1 Cisco catalyst Cw9800h2 Cisco catalyst Cw9800m Cisco ios Xe
CPEs		cpe:2.3:a:cisco:catalyst_9800-cl_wireless_controllers_for_cloud:::::::: cpe:2.3:h:cisco:catalyst_9105axi:-:::::::* cpe:2.3:h:cisco:catalyst_9115axe:-:::::::* cpe:2.3:h:cisco:catalyst_9115axi:-:::::::* cpe:2.3:h:cisco:catalyst_9117axi:-:::::::* cpe:2.3:h:cisco:catalyst_9120axe:-:::::::* cpe:2.3:h:cisco:catalyst_9120axi:-:::::::* cpe:2.3:h:cisco:catalyst_9120axp:-:::::::* cpe:2.3:h:cisco:catalyst_9130axe:-:::::::* cpe:2.3:h:cisco:catalyst_9130axi:-:::::::* cpe:2.3:h:cisco:catalyst_9800-40:-:::::::* cpe:2.3:h:cisco:catalyst_9800-80:-:::::::* cpe:2.3:h:cisco:catalyst_9800-l:-:::::::* cpe:2.3:h:cisco:catalyst_cw9800h1:-:::::::* cpe:2.3:h:cisco:catalyst_cw9800h2:-:::::::* cpe:2.3:h:cisco:catalyst_cw9800m:-:::::::* cpe:2.3:o:cisco:ios_xe:17.12.1z2:::::::* cpe:2.3:o:cisco:ios_xe:17.12.1z3:::::::* cpe:2.3:o:cisco:ios_xe:17.15.1:::::::* cpe:2.3:o:cisco:ios_xe:17.15.1x:::::::* cpe:2.3:o:cisco:ios_xe:17.6.8:::::::* cpe:2.3:o:cisco:ios_xe:17.9.6:::::::* cpe:2.3:o:cisco:ios_xe:17.9.6a:::::::*
Vendors & Products		Cisco Cisco catalyst 9105axi Cisco catalyst 9115axe Cisco catalyst 9115axi Cisco catalyst 9117axi Cisco catalyst 9120axe Cisco catalyst 9120axi Cisco catalyst 9120axp Cisco catalyst 9130axe Cisco catalyst 9130axi Cisco catalyst 9800-40 Cisco catalyst 9800-80 Cisco catalyst 9800-cl Wireless Controllers For Cloud Cisco catalyst 9800-l Cisco catalyst Cw9800h1 Cisco catalyst Cw9800h2 Cisco catalyst Cw9800m Cisco ios Xe

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00038}`	epss `{'score': 0.00043}`

Wed, 07 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 07 May 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a lobby ambassador user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.
Weaknesses		CWE-284
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-05-07T17:34:54.487Z

Updated: 2025-05-07T19:45:20.972Z

Reserved: 2024-10-10T19:15:13.226Z

Link: CVE-2025-20190

Vulnrichment

Updated: 2025-05-07T18:56:13.504Z

NVD

Status : Analyzed

Published: 2025-05-07T18:15:38.963

Modified: 2025-07-31T15:48:08.890

Link: CVE-2025-20190

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object