Cisco on Sept. 24 patched a zero-day vulnerability already exploited in the wild that had led to attacks on devices running Cisco IOS and Cisco IOS XE software.

In its advisory, Cisco said an attacker could exploit this high-severity 7.7 vulnerability — CVE-2025-20352 — by sending a crafted Simple Network Management Protocol (SNMP) packet to an affected device over IPv4 or IPv6 networks.

“This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software,” wrote Cisco. “A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or let a high-privileged attacker execute arbitrary code as the root user and obtain full control of the affected system.”

Ryan Emmons, security researcher at Rapid7, said Cisco products are widely used across many organizations, and Cisco’s advisory also reports successful exploitation in the wild by attackers who compromised high-privilege accounts.

“The most notable barrier to exploitation is that high-privilege local administrator credentials are required to establish remote code execution,” said Emmons. “This requirement is a big one, and it indicates that CVE-2025-20352 is more likely to be exploited during privilege escalation and lateral movement than it is to be used for initial access. Despite the barrier to exploitation, this vulnerability is a serious concern for defenders and requires immediate patching.”

Mayuresh Dani, security research manager at the Qualys Threat Research Unit, added that Cisco IOS XE powers more than 160 enterprise platforms including access, distribution, core, WAN, and wireless devices.

Dani said threat actors such as APT28 have used this component in the past, targeting organizations vulnerable to at least nine CVEs dating back to 2017.

“The severity is exacerbated by the fact that SNMP is commonly enabled for network management purposes, making a large percentage of Cisco's installed base potentially vulnerable until patches are applied and configurations are hardened,” explained Dani.