Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Zero-Day Vulnerabilities Found in Cisco IOS and IOS XE: Urgent Updates

25 September 2025 07:31

Cisco has disclosed a zero-day vulnerability, tracked as CVE-2025-20352, in its widely deployed IOS and IOS XE software; the flaw is being actively exploited. It was identified during the investigation of a support case handled by the Cisco Technical Assistance Center (TAC).

The flaw lies in the Simple Network Management Protocol (SNMP) subsystem and allows an authenticated remote attacker to cause a denial of service (DoS) condition or, with higher privileges, remote code execution (RCE) on affected devices.

The root cause is a stack-based buffer overflow (CWE-121). An attacker triggers it by sending a crafted SNMP packet to an affected device over IPv4 or IPv6.

The advisory, published on September 24, 2025, confirms that all SNMP versions (v1, v2c and v3) are affected. The impact depends on the level of access the attacker already holds:

  • An authenticated, low-privileged remote attacker can force the device to reload, causing a DoS condition. This requires only a read-only SNMPv1/v2c community string or valid SNMPv3 user credentials.
  • An authenticated attacker who additionally holds administrative or privilege 15 credentials can execute arbitrary code as root on devices running IOS XE, gaining full control of the system.

Cisco's Product Security Incident Response Team (PSIRT) has confirmed successful exploitation of this vulnerability in the wild. In the observed attacks, the attackers exploited the flaw after first compromising local administrator credentials.

Once again, this highlights the importance of effective credential management and prompt patching. A wide range of Cisco devices is affected, including Meraki MS390 and Cisco Catalyst 9300 Series switches, whenever SNMP is enabled on a vulnerable release of IOS or IOS XE software.

Any device with SNMP enabled is considered vulnerable unless its configuration restricts SNMP access to trusted sources. Administrators can check whether SNMP is enabled with the show running-config | include snmp-server command: any snmp-server community, snmp-server group or snmp-server user line in the output means SNMP is active, and the device is affected if it runs a vulnerable release. Note that on IOS, SNMPv3 users are not shown in the running configuration; show snmp user lists them.
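As an added example (not code from the article, from Cisco or from the advisory), the following Python script audits an IOS-style running-config excerpt for the SNMP settings that matter here: whether SNMP is enabled at all, default community strings, communities without an access list, read-write communities, and SNMPv3 users configured without privacy or with MD5 authentication. The two configuration excerpts, the host name, ACL name and credentials in them, and the wording of the finding messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of an IOS-style running-config excerpt (not taken from the
# advisory or any real device). It mixes weak and acceptable SNMP settings.
WEAK_CONFIG = """\
hostname edge-sw1
!
ip access-list standard SNMP-MGMT
 permit 10.20.30.0 0.0.0.255
 deny   any
!
snmp-server community public RO
snmp-server community s3cr3t-rw RW SNMP-MGMT
snmp-server group NMS-GRP v3 priv
snmp-server user nms-poller NMS-GRP v3 auth sha AuthPass123 priv aes 128 PrivPass123
snmp-server user legacy-user LEGACY-GRP v3 auth md5 weakpass
snmp-server host 10.20.30.5 version 2c public
!
end
"""

# Constructed hardened counterpart: no community strings, SNMPv3 only with
# authentication and privacy, and the group bound to a management ACL.
HARDENED_CONFIG = """\
hostname edge-sw1
!
ip access-list standard SNMP-MGMT
 permit 10.20.30.0 0.0.0.255
 deny   any
!
snmp-server group NMS-GRP v3 priv access SNMP-MGMT
snmp-server user nms-poller NMS-GRP v3 auth sha AuthPass123 priv aes 128 PrivPass123
!
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}

# snmp-server community <name> [view <v>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>[Rr][Oo]|[Rr][Ww]))?(?: (?P<acl>\S+))?$"
)
# snmp-server user <user> <group> v3 [auth ...] [priv ...] [access <acl>]
V3_USER_RE = re.compile(r"^snmp-server user (?P<user>\S+) (?P<group>\S+) v3(?P<rest>.*)$")


@dataclass
class SnmpAudit:
    enabled: bool = False  # True if any SNMP agent configuration is present
    findings: list[str] = field(default_factory=list)


def audit_snmp(config: str) -> SnmpAudit:
    """Report whether SNMP is enabled and which settings widen exposure.

    The DoS variant of CVE-2025-20352 needs only a read-only community string
    or SNMPv3 credentials, so a guessable community or an unrestricted source
    is what turns a vulnerable release into a remotely triggerable one.
    """
    audit = SnmpAudit()
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            audit.enabled = True
            name = m.group("name")
            mode = (m.group("mode") or "RO").upper()  # IOS defaults to RO
            if name.lower() in DEFAULT_COMMUNITIES:
                audit.findings.append(f"default community string '{name}'")
            if m.group("acl") is None:
                audit.findings.append(
                    f"community '{name}' has no ACL: reachable from any source")
            if mode == "RW":
                audit.findings.append(f"community '{name}' is read-write")
            continue
        m = V3_USER_RE.match(line)
        if m:
            audit.enabled = True
            user = m.group("user")
            tokens = m.group("rest").split()
            if "priv" not in tokens:
                audit.findings.append(
                    f"SNMPv3 user '{user}' has no priv setting (no encryption)")
            if "md5" in tokens:
                audit.findings.append(f"SNMPv3 user '{user}' uses MD5 authentication")
            continue
        tokens = line.split()
        if tokens[:2] == ["snmp-server", "group"] and "v3" in tokens:
            audit.enabled = True  # SNMPv3 group present, agent is active
    return audit


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_snmp(cfg)
        print(f"[{label}] snmp enabled={result.enabled}, findings={len(result.findings)}")
        for finding in result.findings:
            print("  -", finding)
```

Feed it the captured output of show running-config. On IOS, SNMPv3 users do not appear in the running configuration (show snmp user lists them), so the user checks only apply where those lines are present in the text you pass in. An empty findings list does not make a vulnerable release safe; it only means the low-privilege DoS path is not open to arbitrary sources, and the fixed release is still required.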

Cisco has released software updates that address this vulnerability and strongly recommends that all customers upgrade to a fixed release. The advisory, cisco-sa-snmp-x4LPhte, states that there are no workarounds; until devices are patched, exposure can only be reduced by limiting SNMP access to trusted users and management hosts.


Agostino Pellegrino
He is a freelancer, teacher and expert in Computer Forensics, Cyber Security, Ethical Hacking and Network Management. He has collaborated with leading educational institutions internationally and has taught and mentored advanced Offensive Security techniques for NATO, receiving major awards from the U.S. Government. His motto is "Study. Always."
Areas of Expertise: Cybersecurity architecture, Threat intelligence, Digital forensics, Offensive security, Incident response & SOAR, Malware analysis, Compliance & frameworks