- Cisco patches CVE-2025-20352, a high-severity SNMP flaw actively exploited in the wild
- Attackers can cause DoS or gain root access using crafted SNMP packets and credentials
- No workaround exists; users must apply Cisco’s patch or use temporary mitigation steps
Cisco has patched a high-severity vulnerability in its IOS and IOS XE Software it says is being actively exploited in the wild.
In a recently published security advisory, the company said it discovered, and fixed, a stack overflow condition in the Simple Network Management Protocol (SNMP) subsystem of the OS. It is tracked as CVE-2025-20352, and has a severity score of 7.7/10 (high).
Successfully exploiting the bug could grant low-privileged attackers the ability to reload the systems and cause a DoS condition. A high-privileged attacker, on the other hand, could use the bug to run arbitrary code as the root user, and fully take over the compromised endpoints.
Patches and mitigations
To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials, the networking giant explained.
To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. The flaw could be exploited through a custom SNMP packet sent over IPv4 or IPv6.
All devices running a vulnerable release of IOS and IOS XE are affected, the company stressed, adding that all older versions of SNMP were flawed. This includes Meraki MS390 and Cisco Catalyst 9300 Series Switches that are running Meraki CS 17, as well.
To address the vulnerability, Cisco released a patch, and warned the users to apply it immediately since the bug is being actively abused in the wild: “The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” the company said.
There are no workarounds to address the flaw, but there is a mitigation that can be used as a temporary solution until the patch is deployed. More details about the mitigation can be found on this link.
Via BleepingComputer
