Cisco has released patches for 14 vulnerabilities in IOS and IOS XE, including a critical flaw actively exploited in the wild, CVE-2025-20352. The vulnerabilities affect multiple Cisco devices and could allow attackers to cause DoS or execute remote code with root privileges. #CVE202520352 #CiscoIOSVulnerabilities
Keypoints
- Cisco announced security updates for 14 vulnerabilities in IOS and IOS XE.
- The exploited flaw, CVE-2025-20352, is a stack overflow in the SNMP subsystem that can lead to DoS or remote code execution.
- Attackers with low privileges can trigger DoS, while high-privileged attackers can exploit it for root-level code execution.
- Cisco urges users to update affected devices immediately due to active exploitation using compromised credentials.
- Other patched vulnerabilities include DoS, command execution, authentication bypass, and data leaks, with some proof-of-concept exploits existing.
Read More: https://www.securityweek.com/cisco-patches-zero-day-flaw-affecting-routers-and-switches/