As many as 2 million Cisco devices are vulnerable to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems.
Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide variety of the company's networking devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. It carries a severity rating of 7.7 out of a possible 10.
Exposing SNMP to the Internet? Yep
“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” Wednesday’s advisory said. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (Simple Network Management Protocol), which routers and other devices use to collect and handle information about devices inside a network. The vulnerability is exploited by sending crafted SNMP packets.
To execute malicious code, the remote attacker must have possession of the read-only community string, an SNMP-specific form of authentication for accessing managed devices. Frequently, such strings ship with devices. Even when changed by an administrator, read-only community strings are often widely known inside an organization. The attacker would also require privileges on the vulnerable systems. With that, the attacker can obtain RCE (remote code execution) capabilities that run as root.
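An added example, not from the article or from Cisco: a configuration audit that flags IOS `snmp-server community` lines that use a shipped-default string or have no access list limiting which hosts may query SNMP. The default-string list, the sample configuration and the function name are assumptions constructed for illustration.

```python
import re

# Assumed list of community strings commonly left at shipped defaults.
DEFAULT_COMMUNITIES = {"public", "private"}

# IOS syntax: snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(r"^\s*snmp-server community (\S+)(.*)$", re.IGNORECASE)

# Constructed sample input, not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community n0c-Mon1tor RO 10
snmp-server community ops-write view MGMT RW
snmp-server location lab
"""

def audit_snmp_communities(config_text):
    """Return (line_number, access, issues) for each risky community line.

    The community string itself is left out of the findings so the report
    can be shared without leaking the credential.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = COMMUNITY_RE.match(line)
        if not match:
            continue
        community = match.group(1)
        tokens = [t.lower() for t in match.group(2).split()]
        if "view" in tokens:                 # drop "view <name>"; it is not an ACL
            i = tokens.index("view")
            del tokens[i:i + 2]
        access = "rw" if "rw" in tokens else "ro"   # IOS defaults to read-only
        acl = [t for t in tokens if t not in ("ro", "rw", "ipv6")]
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:
            issues.append("default community string")
        if not acl:
            issues.append("no access list restricting SNMP sources")
        if issues:
            findings.append((lineno, access, issues))
    return findings

if __name__ == "__main__":
    for lineno, access, issues in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"line {lineno} ({access}): {'; '.join(issues)}")
```
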

