Cisco released urgent security updates to patch a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is actively exploited in attacks. The flaw, CVE-2025-20352, allows remote attackers to cause DoS or take full control of affected devices through crafted SNMP packets. #CVE202520352 #CiscoIOSXE
Keypoints
- Ciscoβs security patch addresses a zero-day vulnerability actively exploited in the wild.
- The flaw exists in the SNMP subsystem and affects devices with SNMP enabled.
- Low-privilege attackers can cause DoS, while high-privilege attackers can gain full control.
- Mitigation includes restricting SNMP access to trusted users until patches are applied.
- Cisco also fixed 13 other vulnerabilities, including XSS and DoS flaws.