The Hacker News reported on September 25, 2025, that Cisco has warned of a high-severity vulnerability in its IOS and IOS XE software that is being actively exploited. The flaw, identified as CVE-2025-20352, is rooted in the Simple Network Management Protocol (SNMP) subsystem and was discovered after attackers compromised local administrator credentials. All versions of SNMP are affected, and any device with SNMP enabled that has not excluded a specific object ID is considered vulnerable.
reddit.com reported that this stack overflow vulnerability allows a remote, authenticated attacker with low privileges to send a crafted SNMP packet and cause a denial-of-service (DoS) condition. An attacker with high privileges, such as administrative credentials, could achieve remote code execution (RCE) as the root user, effectively taking full control of a device. While there is no complete workaround, Cisco suggests limiting SNMP access to trusted users as a temporary mitigation. The company has released software updates, including IOS XE Software Release 17.15.4a, to address the flaw.
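To check the temporary mitigation described above (SNMP access limited to trusted users), the following added example, which is not from Cisco or the cited reports, audits an IOS-style configuration for `snmp-server community` lines that have no access list bound to them. The sample configuration and the function names are constructed for illustration, and the script covers only v1/v2c community lines, not SNMPv3 groups.

```python
# Added example: audit 'snmp-server community' lines in an IOS-style config.
# Constructed sample config (names, strings and addresses are made up).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
snmp-server community monitorRO RO SNMP-MGMT
snmp-server community legacyRW RW
snmp-server community viewonly view LIMITED RO 10
snmp-server location lab
"""


def audit_snmp_communities(config_text):
    """Parse each community line; the community string itself is never returned."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
            continue
        f = {"line": lineno, "mode": None, "view": None, "acl": None, "ipv6_acl": None}
        rest, i = tokens[3:], 0
        while i < len(rest):
            tok = rest[i].lower()
            if tok in ("view", "ipv6") and i + 1 < len(rest):
                # keyword followed by a view name or an IPv6 ACL name
                f["view" if tok == "view" else "ipv6_acl"] = rest[i + 1]
                i += 2
            elif tok in ("ro", "rw"):
                f["mode"] = tok.upper()
                i += 1
            else:
                f["acl"] = rest[i]  # remaining token: ACL number or name
                i += 1
        findings.append(f)
    return findings


def unrestricted(findings):
    """Line numbers of communities with no ACL limiting who may query them."""
    return [f["line"] for f in findings if not f["acl"] and not f["ipv6_acl"]]


if __name__ == "__main__":
    results = audit_snmp_communities(SAMPLE_CONFIG)
    for f in results:
        status = "no ACL" if f["line"] in unrestricted(results) else "ACL bound"
        print(f"line {f['line']}: mode={f['mode']} view={f['view']} -> {status}")
```

A line reported as "ACL bound" only shows that a restriction is configured; the referenced access list still has to be reviewed to confirm it admits trusted management hosts only.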