The Australian government is warning of ongoing cyberattacks that exploit a severe vulnerability in unpatched Cisco IOS XE devices. Attackers are using the BadCandy webshell to gain control, with over 150 devices still compromised as of late October 2025. The Australian Signals Directorate is notifying affected users and urging prompt patching.
Cisco has addressed a critical vulnerability in its IOS XE Software for Wireless LAN Controllers, identified as CVE-2025-20188, which allows unauthenticated attackers to hijack devices due to a hard-coded JSON Web Token. Although the flaw is potent, it is only exploitable if the 'Out-of-Band AP Image Download' feature is enabled, which is not the default setting. Administrators are urged to apply security updates immediately to mitigate the risk.