InfoSecBulletin Cybersecurity for mankind
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its popular IOS and IOS XE software, which is currently under active exploitation. The flaw in the Simple Network Management Protocol (SNMP) can let remote attackers execute code or cause denial-of-service (DoS) on affected devices.
The stack overflow vulnerability (CWE-121) exists in the SNMP subsystem of Cisco IOS and IOS XE software. An attacker can exploit this issue by sending a specially crafted SNMP packet to a vulnerable device on an IPv4 or IPv6 network.
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
The advisory, published on September 24, 2025, confirms that all versions of SNMP (v1, v2c, and v3) are susceptible.
Active Exploitation and Affected Devices:
Cisco’s Product Security Incident Response Team (PSIRT) has confirmed successful exploitation of this vulnerability in the wild. The advisory states that attackers exploited the flaw after first gaining local administrator credentials, showing a chained attack method. This highlights the critical need for strong credential management alongside patching.
Affected Products:
Vulnerable Products:
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software. Meraki MS390 and Cisco Catalyst 9300 Series Switches that are running Meraki CS 17 and earlier are also affected. This is fixed in Cisco IOS XE Software Release 17.15.4a.
Cisco has issued software updates to address this vulnerability and urges all customers to upgrade to fixed versions. The advisory, cisco-sa-snmp-x4LPhte, states that no workarounds exist.
Cisco offers a mitigation technique for organizations that can’t apply updates right away. Administrators can set up an SNMP view to exclude the affected object IDs (OIDs) to avoid triggering the vulnerable code.
However, Cisco cautions that this mitigation may disrupt network management functionalities, such as device discovery and hardware inventory monitoring. As a general security measure, Cisco also advises restricting SNMP access to only trusted users.
