Cisco has disclosed a critical RCE vulnerability (CVE-2025-20352) affecting its IOS and IOS XE software, which is actively exploited with compromised administrator credentials. The flaw resides in the SNMP subsystem, allowing attackers to cause DoS or execute arbitrary code remotely. #CiscoIOS #SNMPVuln
Keypoints
- The vulnerability affects a wide range of Cisco devices running vulnerable IOS and IOS XE versions.
- Attackers can exploit the flaw through crafted SNMP packets over IPv4 or IPv6, causing device reboots or full system control.
- Low-privileged attackers can trigger a denial-of-service, while high-privileged attackers can achieve remote code execution.
- Cisco recommends applying software updates, limiting SNMP access, and disabling affected OIDs to mitigate risks.
- The issue was discovered during a support investigation and has been publicly disclosed with a high severity score of 7.7.
Read More: https://thecyberexpress.com/cisco-ios-rce-vulnerability-cve-2025-20352/