2 Million Cisco Devices Hit by Zero-Day

Cisco discloses an actively exploited 0-day affecting IOS and IOS XE via SNMP, with up to two million devices potentially exposed.

Cisco disclosed a critical, actively exploited zero-day (CVE-2025-20352) affecting the IOS and IOS XE operating systems used on its routers and switches. The flaw stems from a stack overflow in the SNMP handling component, enabling remote crashes or code execution on vulnerable devices.

According to the company, the vulnerability affects all supported versions, and a successful exploit can be carried out by low-privilege users to cause denial-of-service, or by higher-privilege users to run code with root privileges. Cisco assigns a severity rating of 7.7 out of 10.

Security researchers note that public exposure of SNMP interfaces to the Internet increases risk, especially since read-only community strings—needed for initial access—are often shipped with devices or widely known inside organizations.

The Cisco Product Security Incident Response Team (PSIRT) said the vulnerability has been observed being exploited in the wild after local Administrator credentials were compromised, and urged customers to upgrade to fixed software releases as a remediation measure.

The issue stems from a stack overflow in the IOS component that handles SNMP, the protocol devices use to exchange management information over the network. Exploitation requires attacker access to a read-only community string and, in some cases, higher privileges to achieve remote code execution with root rights. Mitigation includes upgrading to the fixed software, restricting SNMP access to trusted networks, and validating SNMP configurations. Publicly accessible SNMP interfaces have been observed at scale, highlighting the urgency of applying patches.
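One way to carry out the "validate SNMP configurations" and "restrict SNMP to trusted networks" steps is to audit each `snmp-server community` line of a running-config against the ACL it references. The following is an added example, not code from Cisco or from the article; the function names are hypothetical, the sample config is constructed, and it assumes standard IOS `snmp-server community` syntax with standard (numbered or named) ACLs.

```python
import re
# Constructed sample running-config; community strings and ACLs are made up.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 20 permit any
ip access-list standard SNMP-MGMT
 permit 198.51.100.10
snmp-server community public RO
snmp-server community n0c-r34d RO 10
snmp-server community m0n1t0r RO 20
snmp-server community b4ckup view LIMITED RO SNMP-MGMT
snmp-server community l3gacy RW 99
"""
COMMUNITY_RE = re.compile(
    r"snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?(?: ipv6 \S+)?(?: (?P<acl>\S+))?\s*$", re.I)
WELL_KNOWN = {"public", "private"}  # assumption: common default strings

def parse_acls(config):
    """Map each standard ACL (numbered or named) to its list of entries."""
    acls, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())  # entry inside a named ACL
            continue
        current = None
        if m := re.match(r"access-list (\S+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
        elif m := re.match(r"ip access-list standard (\S+)", line):
            current = acls.setdefault(m.group(1), [])
    return acls

def audit_snmp(config):
    """Return {community: [findings]} for each snmp-server community line."""
    acls, report = parse_acls(config), {}
    for line in config.splitlines():
        if not (m := COMMUNITY_RE.match(line.strip())):
            continue
        name, mode, acl = m.group("name", "mode", "acl")
        checks = [
            (name.lower() in WELL_KNOWN, "well-known community string"),
            ((mode or "").upper() == "RW", "read-write community"),
            (acl is None, "no ACL: any source may query"),
            (acl is not None and acl not in acls, f"ACL {acl} not defined"),
            (any(re.match(r"permit\s+any\b", e) for e in acls.get(acl, [])),
             f"ACL {acl} permits any source"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report
```

Calling `audit_snmp(SAMPLE_CONFIG)` returns an empty findings list only for the two communities bound to an ACL that names specific management sources.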

 

Source: Ars Technica
