Cisco has released urgent patches for a critical vulnerability, CVE-2025-20352, in the SNMP subsystem of its IOS and IOS XE operating systems. Attackers are already actively exploiting it against network devices. The flaw is a buffer overflow in the SNMP subsystem: a remote attacker with minimal privileges can cause a denial of service (DoS) on unprotected devices, while an attacker with higher privileges can gain complete control over the system by executing code with root privileges.

Cisco explained that the attack can be carried out with a specially crafted SNMP packet sent over IPv4 or IPv6. Exploitation has already been recorded following the compromise of local administrator accounts.
There are currently no workarounds; the company strongly recommends updating IOS and IOS XE to versions with fixes. If an update is not possible, a temporary measure is to restrict SNMP access to trusted users only.
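
One way to check the temporary measure described above, as an added example that is not part of the original article or of Cisco's advisory: a Python audit that scans a saved running-config for `snmp-server community` and `snmp-server group` lines with no ACL bound. The sample config, the ACL and view names, and the function names are constructed for illustration; the script only checks that an ACL is referenced, not what that ACL permits.

```python
# Constructed sample of an IOS / IOS XE running-config (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community monitor-ro RO
snmp-server community nms-ro view SAFE RO SNMP-NMS
snmp-server community nms6 RO ipv6 SNMP6-NMS 10
snmp-server community ops-rw RW
snmp-server group OPS v3 priv read SAFE access SNMP-NMS
snmp-server group LEGACY v3 auth
snmp-server host 192.0.2.10 version 2c monitor-ro
"""

def _bound_acls(tokens):
    """Split trailing ACL tokens into (ipv4_acl, ipv6_acl); 'ipv6 <name>' marks the IPv6 one."""
    acl4 = acl6 = None
    i = 0
    while i < len(tokens):
        if tokens[i].lower() == "ipv6":
            acl6 = tokens[i + 1] if i + 1 < len(tokens) else None
            i += 2
        else:
            acl4 = tokens[i]
            i += 1
    return acl4, acl6

def audit_snmp(config):
    """One finding per community/group line; 'restricted' means an ACL is referenced."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        low = [t.lower() for t in tok]
        if len(tok) < 3 or low[0] != "snmp-server" or low[1] not in ("community", "group"):
            continue  # trap hosts, ACL bodies and everything else are out of scope
        if low[1] == "community":
            rest = tok[3:]
            if "view" in low[3:]:
                v = low[3:].index("view")
                del rest[v:v + 2]  # drop "view <name>"
            writable = "rw" in low[3:]
            rest = [t for t in rest if t.lower() not in ("ro", "rw")]
        else:
            writable = "write" in low[4:]  # group has a write view configured
            a = low.index("access", 4) if "access" in low[4:] else len(tok)
            rest = tok[a + 1:]
        acl4, acl6 = _bound_acls(rest)
        findings.append({"kind": low[1], "name": tok[2], "writable": writable,
                         "acl4": acl4, "acl6": acl6, "restricted": bool(acl4 or acl6)})
    return findings

def unrestricted(config):
    """Names of communities/groups reachable without any ACL binding."""
    return [f["name"] for f in audit_snmp(config) if not f["restricted"]]
```

Entries returned by `unrestricted()` are the ones to bind to an ACL of trusted management hosts first; the `acl4` and `acl6` fields show which address family each binding covers, which matters here because the crafted packet can arrive over either.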

Along with this, Cisco has fixed 13 more vulnerabilities, including:
CVE-2025-20240 — XSS in IOS XE, which allows cookie theft;
CVE-2025-20149 — local DoS through device reboot.

This is not the first critical incident at Cisco this year. In May, the company fixed a vulnerability in wireless network controllers (WLC) that allowed device takeover via hard-coded JWT tokens.
The current problem with SNMP underscores an old and well-known truth: outdated administration protocols become the weak link in corporate security.
Cisco PSIRT also reminded customers that timely installation of updates should be a mandatory element of cyber defense, since most attacks target already known vulnerabilities. A zero-day in IOS and IOS XE is a serious challenge for organizations that depend on Cisco network infrastructure. Delaying the update may lead to service failure or complete system compromise.