As many as 2 million Cisco devices affected by actively exploited 0-day

Metro Loud



As many as 2 million Cisco devices are vulnerable to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems.

Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide variety of the company’s networking devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. It carries a severity rating of 7.7 out of a possible 10.

Exposing SNMP to the Internet? Yep

“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” Wednesday’s advisory stated. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”

The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (simple network management protocol), which routers and other devices use to collect and handle information about devices inside a network. The vulnerability is exploited by sending crafted SNMP packets.

To execute malicious code, the remote attacker must have possession of the read-only community string, an SNMP-specific form of authentication for accessing managed devices. Frequently, such strings ship with devices. Even when modified by an administrator, read-only community strings are often widely known inside an organization. The attacker would also require privileges on the vulnerable systems. With that, the attacker can obtain RCE (remote code execution) capabilities that run as root.
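Because a read-only community string is the access the paragraph above describes, it helps to know which strings a device actually accepts and from where. The following is an added example, not code from the article or from Cisco: a small audit of `snmp-server community` lines in an IOS configuration. The sample config, the `WELL_KNOWN` list and the simplified parsing are assumptions made for the example.

```python
import re

# Constructed sample of an IOS running-config (not from the article).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community N0c-Mon1tor RO 10
snmp-server community ops-write view sysview RW
access-list 10 permit 192.0.2.0 0.0.0.255
"""

# Assumed list of strings that commonly ship as defaults.
WELL_KNOWN = {"public", "private"}
LINE_RE = re.compile(r"^\s*snmp-server community (\S+)(.*)$", re.IGNORECASE)

def audit_snmp(config):
    """Return one finding per 'snmp-server community' line."""
    findings = []
    for line in config.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2).split()
        mode, acl = "ro", None  # IOS treats a community as read-only by default
        i = 0
        while i < len(rest):
            tok = rest[i].lower()
            if tok in ("view", "ipv6"):  # keyword plus argument; not an IPv4 source ACL
                i += 2
                continue
            if tok in ("ro", "rw"):
                mode = tok
            else:
                acl = rest[i]  # remaining token names the IPv4 access list
            i += 1
        issues = []
        if name.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if acl is None:
            issues.append("no source ACL")
        if mode == "rw":
            issues.append("read-write access")
        findings.append({"community": name, "mode": mode, "acl": acl, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f["community"], f["mode"], f["acl"], "; ".join(f["issues"]) or "no findings")
```

A line with no findings is still a read-only string of the kind described above, so the output is an inventory of SNMP exposure rather than a substitute for the fixed software release.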
