Particle.news

Cisco Patches Actively Exploited SNMP Zero-Day in IOS and IOS XE

The company urges immediate upgrades after in-the-wild attacks followed a compromise of local administrator credentials.

Overview

  • CVE-2025-20352 is a stack-based buffer overflow in the SNMP subsystem that affects devices with SNMP enabled.
  • An authenticated attacker with low-privilege SNMP credentials can cause a denial of service (DoS); root-level code execution on IOS XE requires valid SNMP credentials plus administrative or privilege-15 device access.
  • Cisco released fixes, including IOS XE 17.15.4a, and said IOS XR and NX-OS are not affected.
  • Mitigations include restricting SNMP access to trusted users, monitoring devices with the 'show snmp host' command, and disabling the affected OIDs where supported.
  • Cisco also addressed 13 additional vulnerabilities in the same update cycle, including two with publicly available proof-of-concept code.
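As an added illustration of the mitigation bullet above (not part of the Particle.news summary or of Cisco's advisory), the IOS configuration below contrasts a weak SNMP setup with one that limits SNMP to a named set of management hosts, uses SNMPv3 with authentication and encryption, and excludes an OID subtree through a view. The ACL name, host addresses, view, group and user names are assumptions, and the OID is a placeholder to be replaced with the subtrees the vendor advisory lists for the affected platform.

```cisco
! --- Weak (illustrative only) ---
! A read-only community with no ACL and no view: every host that can reach
! the device's SNMP port may query the full MIB with this string.
snmp-server community public RO

! --- Hardened ---
! 1. Only the listed management hosts (placeholder addresses) may speak SNMP.
ip access-list standard SNMP-MGMT
 permit host 192.0.2.10
 permit host 192.0.2.11
 deny   any log

! 2. Build a view that exposes the MIB tree except the subtrees named in the
!    advisory. <OID-FROM-CISCO-ADVISORY> is a placeholder; repeat the second
!    line once per subtree to exclude.
snmp-server view SNMP-RESTRICTED iso included
snmp-server view SNMP-RESTRICTED <OID-FROM-CISCO-ADVISORY> excluded

! 3. Replace the v2c community with an SNMPv3 group bound to the restricted
!    view and the management ACL, and a user with auth + priv. Passphrases
!    are placeholders.
no snmp-server community public
snmp-server group MONITOR v3 priv read SNMP-RESTRICTED access SNMP-MGMT
snmp-server user nms-poller MONITOR v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>

! 4. Verify from exec mode: the command the advisory points to lists the
!    configured trap/inform receivers; the others confirm that only the
!    expected view, group and user exist.
show snmp host
show snmp view
show snmp group
show snmp user
```

Patching remains the fix; the view exclusion only narrows what an authenticated SNMP principal can reach on releases where Cisco supports it, and the ACL reduces who can present credentials at all.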