Cisco warns of a critical vulnerability in IOS and IOS XE Software, which has been exploited in the wild to compromise affected devices via SNMP. The flaw, CVE-2025-20352, allows attackers with certain credentials to execute arbitrary code or cause DoS, especially impacting Cisco Catalyst switches and Meraki MS390 devices. #CVE-2025-20352 #CiscoIOSXE #SNMPv2c #MerakiMS390 #Catalyst9300
Keypoints
- Cisco disclosed a high-severity vulnerability in its IOS and IOS XE software that is actively exploited in the wild.
- The flaw stems from a stack overflow in the SNMP subsystem, potentially allowing remote code execution or DoS attacks.
- Attackers need specific SNMP credentials, such as community strings or valid user credentials, depending on the attack goal.
- The vulnerability affects all SNMP versions and specific Cisco devices, including Meraki MS390 and Catalyst 9300 Series switches running certain software versions.
- Cisco has released a software update (Release 17.15.4a) to address the issue, and recommended restricting SNMP access to trusted users as a mitigation measure.
Read More: https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html