Particle.news

Cisco Issues Patches for Actively Exploited IOS/IOS XE SNMP Zero-Day

Exploitation followed theft of admin credentials, prompting urgent upgrades to releases that close a stack overflow in the SNMP subsystem.

Overview

  • The bug, CVE-2025-20352, is a stack-based overflow in SNMP that lets low-privileged users force device reloads or lets higher-privileged users execute code as root on IOS XE.
  • DoS requires an SNMPv2c (or earlier) read-only community string or valid SNMPv3 credentials, while RCE also requires the SNMP read-only string or SNMPv3 account plus administrative or privilege 15 access.
  • All devices with SNMP enabled on affected IOS or IOS XE releases are vulnerable, including Meraki MS390 and Catalyst 9300 running Meraki CS 17 or earlier, while IOS XR and NX-OS are not impacted.
  • Cisco released fixed builds, including IOS XE 17.15.4a, within a bundle of 14 patches, and proof-of-concept code is public for two other flaws (CVE-2025-20240 and CVE-2025-20149).
  • No complete workaround exists, so operators should upgrade immediately and, as a temporary measure, restrict SNMP to trusted management hosts. One report estimates exposure could reach roughly 2 million devices.
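
One way to check the interim "restrict SNMP to trusted management hosts" step is to audit a saved running-config for SNMP communities and groups that have no IPv4 access list attached, or that reference one the config never defines. This is an added example, not code from Cisco or from this page; the sample config, the community and group names, and the ACL name SNMP-MGMT are constructed.

```python
import re

# Constructed IOS/IOS XE running-config excerpt (assumption, not from the page).
SAMPLE_CONFIG = """\
hostname edge-sw1
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
snmp-server community monitor-ro RO SNMP-MGMT
snmp-server community legacy-ro RO
snmp-server community ops view sysview RO 10
snmp-server group NMS v3 priv
snmp-server group NOC v3 priv access SNMP-MGMT
"""

# snmp-server community NAME [view V] [RO|RW] [ipv6 ACL6] [ACL]
COMMUNITY = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?(?: (?P<mode>RO|RW))?"
    r"(?: ipv6 \S+)?(?: (?P<acl>\S+))?\s*$", re.IGNORECASE)
# snmp-server group NAME {v1|v2c|v3 ...} [...] [access [ipv6 ACL6] [ACL]]
GROUP = re.compile(r"^snmp-server group (?P<name>\S+) v(?:1|2c|3)\b(?P<rest>.*)$")
GROUP_ACL = re.compile(r" access(?: ipv6 \S+)?(?: (\S+))?")
ACL_DEF = re.compile(
    r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")

def audit_snmp(config):
    """Return (kind, name, problem) for SNMP access not tied to a defined IPv4 ACL."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {m.group(1) or m.group(2) for m in map(ACL_DEF.match, lines) if m}
    findings = []
    for line in lines:
        c, g = COMMUNITY.match(line), GROUP.match(line)
        if c:
            kind, name, acl = "community", c.group("name"), c.group("acl")
        elif g:
            a = GROUP_ACL.search(g.group("rest"))
            kind, name, acl = "group", g.group("name"), a.group(1) if a else None
        else:
            continue
        if acl is None:
            findings.append((kind, name, "no IPv4 ACL"))      # reachable from any source
        elif acl not in defined:
            findings.append((kind, name, "ACL %s not defined" % acl))
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```

An IPv6-only ACL is still reported as "no IPv4 ACL", since IPv4 sources remain unrestricted in that case.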