Cisco Warns of Zero‑Day Vulnerability Actively Exploited in IOS Software
Cisco has alerted users about a zero-day vulnerability (CVE‑2025‑20352) in its IOS and IOS XE software, which attackers are actively exploiting.
What’s the issue?
- The flaw lies in the Simple Network Management Protocol (SNMP) subsystem and can be triggered via crafted SNMP packets.
- It’s a stack overflow bug.
- Severity score: 7.7 / 10 (High)
- If exploited:
  - Low‑privilege attackers might trigger a Denial of Service (DoS).
  - High‑privilege attackers (with administrative rights) could execute arbitrary code as root, fully compromising the device.
- Exploitation requires valid SNMP credentials (v1/v2c read-only or SNMPv3 + admin privileges).
- The vulnerability affects all devices running vulnerable IOS / IOS XE versions, including Meraki MS390 and Cisco Catalyst 9300 switches running Meraki CS 17.
Mitigation & Patch
- Cisco has released a patch. Users are strongly urged to apply it immediately, as active exploitation is already occurring.
- There is no known full workaround.
- Cisco recommends using temporary mitigations:
  - Restrict SNMP access (limit which IPs/networks can query).
  - Use strong SNMPv3 credentials.
  - Monitor logs for suspicious SNMP activity.
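A configuration check for the first two mitigations, as an added example that is not from Cisco or the original article: it scans IOS snmp-server statements for community strings and groups that have no ACL attached or that fall short of SNMPv3 authPriv. The function names and the sample configuration are constructed for illustration, and the check only reads the statements themselves, so filtering applied elsewhere on the device is not seen.

```python
# Added example: audit a Cisco IOS running-config for loosely exposed SNMP.
# Function names and sample config values are constructed for illustration.

def _community_acl(tokens):
    """Return ACL tokens left after the community name, view and ro/rw."""
    rest, out, i = tokens[1:], [], 0
    while i < len(rest):
        word = rest[i].lower()
        if word == "view":
            i += 2                      # skip "view <name>"
            continue
        if word not in ("ro", "rw"):
            out.append(rest[i])         # ACL number/name (or "ipv6 <name>")
        i += 1
    return out

def audit_snmp(config_text):
    """Return (line, finding) pairs for SNMP statements that need attention."""
    findings = []
    for raw in config_text.splitlines():
        tok = raw.split()
        line = " ".join(tok)
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            findings.append((line, "v1/v2c community string in use; prefer SNMPv3"))
            if not _community_acl(tok[2:]):
                findings.append((line, "no ACL attached to this statement"))
        elif tok[:2] == ["snmp-server", "group"] and len(tok) > 3:
            version = tok[3].lower()
            if version in ("v1", "v2c"):
                findings.append((line, "legacy SNMP version on group"))
            elif version == "v3" and (len(tok) < 5 or tok[4].lower() != "priv"):
                findings.append((line, "SNMPv3 group without authPriv"))
            if "access" not in [t.lower() for t in tok[4:]]:
                findings.append((line, "no ACL attached to this statement"))
    return findings

SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-NMS view NMSVIEW RO 10
snmp-server group OPS v3 auth
snmp-server group NMS v3 priv read NMSVIEW access 10
"""

if __name__ == "__main__":
    for line, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```

Restricting sources and tightening SNMPv3 reduce exposure only; the article notes there is no known full workaround, so the patch is still required.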