Cisco has released emergency security patches for a critical zero-day vulnerability in its IOS and IOS XE software that attackers are actively exploiting in the wild, potentially affecting millions of enterprise network devices worldwide.
The flaw, tracked as CVE-2025-20352 with a CVSS score of 7.7, stems from a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) subsystem—a core networking component used for device monitoring and management. All devices with SNMP enabled are vulnerable, regardless of SNMP version.
"The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised," the company warned in its Wednesday advisory.
The vulnerability presents a dual threat: authenticated attackers with basic privileges can crash vulnerable devices through denial-of-service attacks, while high-privileged attackers can achieve complete system takeover on IOS XE devices by executing code as the root user.
What makes this particularly dangerous is the attack vector—threat actors can exploit the flaw by sending specially crafted SNMP packets over standard IPv4 or IPv6 networks, making it relatively straightforward for attackers who have gained network access.
The timing couldn't be more critical, as this disclosure coincides with Cisco's September 2025 security bundle that patches 13 additional vulnerabilities, including two with publicly available proof-of-concept exploit code.
Immediate Actions Required:
Network administrators should immediately check if SNMP is enabled using the command show running-config | include snmp-server community and prioritise patching affected systems. While no complete workarounds exist, administrators can temporarily limit SNMP access to trusted users only.
Cisco's Software Checker tool can help organisations identify vulnerable devices and determine appropriate patch levels. The company strongly emphasises that temporary mitigations are insufficient—only upgrading to fixed software releases will fully remediate the vulnerability.
This incident underscores the persistent threat to network infrastructure, particularly following Cisco's May disclosure of a maximum-severity IOS XE flaw affecting Wireless LAN Controllers, highlighting the need for robust network security monitoring and rapid patch deployment strategies.