Cisco has issued security updates to fix a high-severity zero-day vulnerability, tracked as CVE-2025-20352, which is being actively exploited in attacks. This flaw is a stack-based buffer overflow within the SNMP subsystem of Cisco IOS and IOS XE software, affecting all devices with SNMP enabled. Attackers with low privileges can exploit it to cause a denial-of-service condition, while those with higher access can execute arbitrary code and gain full control of the system.
The vulnerability is triggered by sending a specially crafted SNMP packet to a vulnerable device. Cisco became aware of the issue after discovering successful exploitation in the wild. Although there are no direct workarounds, administrators can temporarily mitigate the risk by restricting SNMP access to trusted sources. However, the company strongly recommends applying the available patches as the only complete solution.
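The interim mitigation above, restricting SNMP access to trusted sources, can be checked offline against a saved running-config. The following is an added example, not code from Cisco or from this article: it flags `snmp-server community` lines that have no ACL, reference an undefined ACL, or reference an ACL that permits any source. The sample configuration, community names and ACL names are constructed; the script assumes standard ACLs and does not cover SNMPv3 group lines.

```python
import re

# Constructed running-config excerpt for the demo (not taken from the article).
SAMPLE_CONFIG = """\
ip access-list standard SNMP-MGMT
 10 permit 192.0.2.10
 20 deny   any log
access-list 10 permit any
snmp-server community monitor-ro RO SNMP-MGMT
snmp-server community legacy-ro RO
snmp-server community ops-rw view OPSVIEW RW 10
snmp-server community old-nms RO 99
"""

# snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]
COMMUNITY = re.compile(
    r"snmp-server community \S+(?: view \S+)?(?: (?:ro|rw))?(?: ipv6 \S+)?(?: (\S+))?$",
    re.I)

def parse_standard_acls(config):
    """Return {ACL name or number: [entries]}; assumes standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list standard (\S+)", line)
        numbered = re.match(r"access-list (\d+) (.+)", line)
        if named:
            current = acls.setdefault(named.group(1), [])
        elif numbered:
            acls.setdefault(numbered.group(1), []).append(numbered.group(2))
        elif current is not None and line.startswith(" "):
            # Indented entry of a named ACL; drop its sequence number.
            current.append(re.sub(r"^\d+\s+", "", line.strip()))
        else:
            current = None
    return acls

def audit_snmp(config):
    """Return [(line number, status)] for every SNMP community line."""
    acls, findings = parse_standard_acls(config), []
    for number, line in enumerate(config.splitlines(), 1):
        m = COMMUNITY.match(line.strip())
        if not m:
            continue
        ref, status = m.group(1), "restricted"
        if ref is None:
            status = "no-acl"
        elif ref not in acls:
            status = "acl-undefined"
        elif any(re.match(r"permit\s+any\b", e) for e in acls[ref]):
            status = "acl-permits-any"
        findings.append((number, status))
    return findings
```

Findings are reported by line number rather than by community string so that the audit output does not leak the strings themselves.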
In the same update, Cisco addressed 13 other security flaws, including two with public proof-of-concept exploit code. These include a cross-site scripting vulnerability and a separate denial-of-service flaw. This incident follows a previous critical patch in May for a different IOS XE vulnerability, highlighting ongoing security challenges for network infrastructure.
