Red Hot Cyber
Zero-Day Vulnerabilities Found in Cisco IOS and IOS XE: Urgent Updates

25 September 2025 07:31

Cisco has disclosed a zero-day vulnerability, tracked as CVE-2025-20352, in its widely deployed IOS and IOS XE software, and confirms that it has been exploited in the wild. The flaw was identified during the investigation of a support case at the Cisco Technical Assistance Center (TAC).

The flaw lies in the Simple Network Management Protocol (SNMP) subsystem and could allow an authenticated remote attacker to cause a denial of service (DoS) or, with higher privileges, achieve remote code execution (RCE) on vulnerable devices.

The vulnerability is a stack-based buffer overflow (CWE-121). An attacker can trigger it by sending a crafted SNMP packet to an affected device over IPv4 or IPv6.

The advisory, published on September 24, 2025, confirms that all versions of SNMP (v1, v2c, and v3) are vulnerable.

  • An authenticated, low-privileged remote attacker can cause the affected device to reload, resulting in a DoS condition. This requires only a read-only SNMPv1/v2c community string or valid SNMPv3 user credentials.
  • A high-privileged attacker who, in addition to SNMP credentials, holds privilege 15 (administrative) credentials on the device can execute arbitrary code as root on devices running IOS XE, gaining complete control of the system.

Cisco's Product Security Incident Response Team (PSIRT) confirmed that the vulnerability has been successfully exploited in the wild. In the observed cases, attackers exploited the flaw after first compromising local administrator credentials on the target device.

The affected population is broad: besides IOS and IOS XE routers and switches, Cisco notes that Meraki MS390 and Cisco Catalyst 9300 Series switches are also vulnerable when SNMP is enabled on an affected release. This underscores the need for both robust credential management and timely updates: the RCE path depends on an attacker already holding administrative credentials, so stolen or reused admin passwords turn a DoS bug into full device compromise.

Any device running an affected release with SNMP enabled (in any version) is considered vulnerable unless the affected object IDs (OIDs) have been excluded from SNMP access. Administrators can check whether SNMP is enabled with "show running-config | include snmp-server": a "snmp-server community" line (SNMPv1/v2c) or "snmp-server group" line (typically SNMPv3) indicates the agent is configured.

Cisco has released software updates and strongly recommends that all customers upgrade to a fixed release, which is the only complete remedy. The advisory, cisco-sa-snmp-x4LPhte, states that there are no workarounds; as interim mitigations, Cisco advises restricting SNMP access to trusted users and hosts, and notes that the affected OIDs can be excluded from SNMP views at the cost of some device discovery and hardware inventory functions.
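The SNMP check and the mitigations described above, as an added example that is not code from Cisco's advisory or from this article: a Python script that parses a saved copy of "show running-config" and reports whether the SNMP agent is configured (so the device needs the fixed release regardless of hardening), which v1/v2c community strings are present, whether they are read-write or unrestricted by an access-list, and whether any SNMPv3 group is below authPriv. The two configurations it audits are constructed samples, not captures from a real device; the hostname, ACL names, view name and community strings are hypothetical.

```python
"""Offline audit of a saved `show running-config` for SNMP exposure.

Added example (not Cisco's code, not the article's): flags the SNMP
configuration weaknesses an operator would review for CVE-2025-20352.
Both configs below are constructed samples with hypothetical names.
"""
from dataclasses import dataclass, field

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample: legacy config where a well-known RO string makes the
# low-privilege DoS path trivial, with an unrestricted RW string on top.
WEAK_CONFIG = """\
hostname core-sw-01
snmp-server community public RO
snmp-server community private RW
snmp-server community m0nitor RO 10
snmp-server host 10.10.20.5 version 2c public
"""

# Constructed sample: SNMPv3 authPriv only, source-restricted by an ACL.
# `snmp-server user` lines never appear in show running-config on IOS/IOS XE;
# verify v3 users with `show snmp user` instead.
HARDENED_CONFIG = """\
hostname core-sw-01
ip access-list standard SNMP-MGMT
 permit 10.10.20.5
 deny   any log
snmp-server view NMS-VIEW iso included
snmp-server group NMS-GROUP v3 priv read NMS-VIEW access SNMP-MGMT
"""


@dataclass
class SnmpAudit:
    snmp_enabled: bool = False
    patch_required: bool = False                      # agent present at all
    communities: list = field(default_factory=list)   # (string, RO|RW, acl)
    groups: list = field(default_factory=list)        # (name, version, level, acl)
    findings: list = field(default_factory=list)


def _parse_community(tokens, audit):
    # snmp-server community STRING [view NAME] [RO|RW] [ipv6 ACL6] [ACL]
    string, mode, acl = tokens[2], "RO", None
    rest = tokens[3:]
    i = 0
    while i < len(rest):
        tok = rest[i].lower()
        if tok in ("ro", "rw"):
            mode = tok.upper()
        elif tok in ("view", "ipv6"):
            i += 1              # skip the view name / IPv6 ACL name
        else:
            acl = rest[i]       # trailing IPv4 ACL number or name
        i += 1
    audit.communities.append((string, mode, acl))
    if string.lower() in DEFAULT_COMMUNITIES:
        audit.findings.append(f"default community string '{string}'")
    if mode == "RW":
        audit.findings.append(f"read-write community '{string}'")
    if acl is None:
        audit.findings.append(f"community '{string}' not restricted by an access-list")


def _parse_group(tokens, audit):
    # snmp-server group NAME v1|v2c|v3 [auth|noauth|priv] [...] [access ACL]
    name, version = tokens[2], tokens[3]
    level = None
    if version == "v3" and len(tokens) > 4 and tokens[4] in ("auth", "noauth", "priv"):
        level = tokens[4]
    acl = tokens[tokens.index("access") + 1] if "access" in tokens[:-1] else None
    audit.groups.append((name, version, level, acl))
    if version != "v3":
        audit.findings.append(f"group '{name}' uses {version} (cleartext community auth)")
    elif level != "priv":
        audit.findings.append(f"v3 group '{name}' is not authPriv")
    if acl is None:
        audit.findings.append(f"group '{name}' not restricted by an access-list")


def audit_snmp_config(running_config: str) -> SnmpAudit:
    """Return an SnmpAudit for the text of `show running-config`."""
    audit = SnmpAudit()
    for raw in running_config.splitlines():
        tokens = raw.strip().split()
        if len(tokens) < 3 or tokens[0] != "snmp-server":
            continue
        keyword = tokens[1]
        if keyword in ("community", "group", "user", "host"):
            audit.snmp_enabled = True
        if keyword == "community":
            _parse_community(tokens, audit)
        elif keyword == "group" and len(tokens) >= 4:
            _parse_group(tokens, audit)
    # CVE-2025-20352: any valid credential, even a read-only v2c string or a
    # v3 user, suffices for the reload (DoS) path, so hardening never replaces patching.
    audit.patch_required = audit.snmp_enabled
    return audit


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_snmp_config(cfg)
        print(f"[{label}] snmp_enabled={result.snmp_enabled} patch_required={result.patch_required}")
        for finding in result.findings:
            print("   -", finding)
```

Run it against a configuration exported from the device. The point of the patch_required flag is that even the hardened v3 authPriv sample still needs the fixed release: valid SNMPv3 credentials alone are enough for the DoS path, and hardening only narrows who holds them. Because "snmp-server user" entries are not displayed in the running configuration on IOS/IOS XE, pair this audit with "show snmp user".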


The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.