A critical vulnerability in the SNMP subsystem of Cisco IOS and IOS XE allows remote attackers with authenticated access to cause a denial of service or execute code with root privileges, and it has been actively exploited in the wild.

Cisco emphasizes the urgency of updating affected devices immediately, as the flaw is being exploited using compromised administrator credentials, and the vulnerability is rated 7.7 out of 10 in severity.

Cisco has addressed this zero-day vulnerability (CVE-2025-20352) along with 13 other issues in IOS and IOS XE, including high-severity bugs that could lead to DoS, code execution, privilege escalation, or data leaks.

The company recommends upgrading to fixed software releases without delay, as there are no effective workarounds besides patching, though restricting SNMP access to trusted hosts can offer limited mitigation.

As a temporary measure, Cisco advises limiting SNMP access to trusted users and monitoring activity until devices can be updated, with fixed patches available in IOS XE Software Release 17.15.4a.

The patches also cover vulnerabilities in Cisco’s SD-WAN vEdge, Access Point, and Wireless Access Point software, which could enable ACL bypass, IPv6 gateway tampering, or data tampering.

Additional patches address five medium-severity bugs that could result in DoS, cross-site scripting, privilege escalation, or ACL bypass, with proof-of-concept exploits existing for some.

While exploits for two medium-severity issues exist in proof-of-concept form, Cisco reports no active exploitation at this time.

Cisco urges users to update their devices promptly, verify vulnerability status with the Cisco Software Checker, and review detailed security advisories for guidance.

The CVE-2025-20352 flaw, with a CVSS score of 7.7, was discovered after local administrator credentials were compromised, and it impacts all devices with SNMP enabled due to a stack overflow in the SNMP process.

Exploitation of this vulnerability requires knowledge of default or widely known read-only community strings and some privileges on the targeted system.

Given the history of IOS zero-days being exploited in the wild, delaying patch deployment significantly increases the risk of successful attacks.