Cisco has released urgent security updates to address a severe zero-day vulnerability, CVE-2025-20352, that is being actively exploited in the wild. This critical flaw resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software, affecting all devices with SNMP enabled. Exploitation is possible by sending a crafted SNMP packet, and while low-privileged attackers can cause a denial-of-service condition, high-privileged attackers can execute code as the root user, gaining complete control over vulnerable systems. Cisco’s Product Security Incident Response Team (PSIRT) confirmed successful exploits after discovering compromised local administrator credentials.
To fix this vulnerability and prevent future attacks, Cisco strongly recommends that customers apply the new patches immediately. While there are no workarounds that fully fix the issue, administrators who cannot upgrade right away can temporarily limit SNMP access to only trusted users to mitigate the risk. This measure, however, is only a temporary fix, and Cisco emphasizes that a full upgrade is the only way to ensure complete remediation.
In addition to the critical zero-day, Cisco also patched 13 other security vulnerabilities. Among these are two flaws for which proof-of-concept exploit code is publicly available. One is a reflected cross-site scripting (XSS) flaw, CVE-2025-20240, in Cisco IOS XE that could allow an unauthenticated, remote attacker to steal cookies. The other, CVE-2025-20149, is a denial-of-service vulnerability that an authenticated, local attacker can use to force a device to reload.
These recent updates highlight Cisco’s ongoing efforts to secure their network infrastructure products against sophisticated threats. The company continues to prioritize the swift release of patches for critical vulnerabilities, especially those being actively exploited. This proactive stance is essential in protecting customer networks from both targeted attacks and broader threats that leverage known weaknesses.
The current patches follow a pattern of Cisco addressing serious security issues, including a maximum severity IOS XE flaw fixed in May. That previous vulnerability, impacting Wireless LAN Controllers, allowed unauthenticated attackers to remotely take over devices using a hard-coded JSON Web Token. Such incidents underscore the constant need for vigilance and timely software updates to maintain network integrity and security.
Reference:
