Cisco has issued an urgent patch for a high-severity zero-day vulnerability in its IOS and IOS XE Software that is already being actively exploited by attackers.
The security flaw, tracked as CVE-2025-20352, is located in the Simple Network Management Protocol (SNMP) subsystem. Because there are no effective workarounds, Cisco is strongly urging customers to update their software immediately.
The Vulnerability
The zero-day is caused by a stack overflow condition in the SNMP subsystem and impacts all devices with SNMP enabled. This flaw allows authenticated, remote attackers to achieve two levels of compromise:
- Denial-of-Service (DoS): An attacker with low privileges (such as an SNMPv2c read-only community string or basic SNMPv3 user credentials) can send a specially crafted SNMP packet to the vulnerable device over IPv4 or IPv6 networks, causing it to crash.
- Root Code Execution: An attacker with high privileges (valid SNMPv3 user credentials and administrative or privilege 15 credentials) can exploit the flaw to execute arbitrary code as the root user on the affected device.
Cisco's Product Security Incident Response Team (PSIRT) confirmed they became aware of the threat after successful exploitation in the wild resulted in the compromise of local Administrator credentials.
Since no workarounds are available, Cisco recommends that, as a temporary measure, organizations restrict SNMP access on affected systems to trusted users only.
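One way to check how well SNMP access is already restricted on a device is to audit a saved running-config for SNMP communities and SNMPv3 groups that have no source ACL attached, or that reference an ACL the config never defines. The script below is an added example, not Cisco tooling or code from the advisory; the function names, the sample config and every name in it are constructed, and it assumes the standard IOS `snmp-server community` and `snmp-server group` syntax.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server community EXAMPLE-OPEN RO
snmp-server community EXAMPLE-MGMT view SYSVIEW RO 10
snmp-server community EXAMPLE-V6 RO ipv6 MGMT-V6 10
snmp-server community EXAMPLE-TYPO RO 11
snmp-server group OPS v3 priv read OPSVIEW
snmp-server group NOC v3 priv read NOCVIEW access SNMP-MGMT
access-list 10 permit 192.0.2.10
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
ipv6 access-list MGMT-V6
"""

# Names of ACLs defined in the config (numbered, named IPv4, named IPv6).
ACL_DEF = re.compile(r"^(?:ip access-list \w+|ipv6 access-list|access-list)\s+(\S+)", re.M)

def _acl_refs(opts):
    """ACL names among option words: drop 'view <name>', RO/RW and the 'ipv6' keyword."""
    refs, skip = [], False
    for word in opts:
        if skip or word.lower() in ("ro", "rw", "ipv6"):
            skip = False                   # view name or plain keyword: not an ACL
        elif word.lower() == "view":
            skip = True                    # next word is the view name
        else:
            refs.append(word)
    return refs

def audit_snmp(config_text):
    """Return {(kind, name): problem} for entries with no ACL or an undefined one."""
    defined = set(ACL_DEF.findall(config_text))
    findings = {}
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] != ["snmp-server"] or len(tok) < 3 or tok[1] not in ("community", "group"):
            continue
        opts, key = tok[3:], (tok[1], tok[2])
        if tok[1] == "group":              # group ACLs follow the "access" keyword
            low = [o.lower() for o in opts]
            opts = opts[low.index("access") + 1:] if "access" in low else []
        refs = _acl_refs(opts)
        missing = [r for r in refs if r not in defined]
        if not refs:
            findings[key] = "no source ACL"
        elif missing:
            findings[key] = "ACL not defined: " + ", ".join(missing)
    return findings
```

Entries it reports are candidates for tightening while the software update is scheduled; an entry that passes still depends on the referenced ACL permitting only management hosts.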