
Millions of Cisco Devices Hit by Active 0-Day Attack

Summary

– Up to 2 million Cisco devices are vulnerable to an actively exploited zero-day vulnerability (CVE-2025-20352) that can cause remote crashes or code execution.
– The flaw affects all supported versions of Cisco IOS and IOS XE operating systems and has a severity rating of 7.7 out of 10.
– The vulnerability is a stack overflow bug in the component that handles SNMP (Simple Network Management Protocol) and is exploited by sending crafted SNMP packets.
– Successful exploitation in the wild has been reported, and Cisco strongly recommends customers upgrade to a fixed software release to address the issue.
– To achieve remote code execution, an attacker needs both a read-only SNMP community string and certain privileges on the system; with those in hand, exploitation grants root-level access to the device.

A newly identified and actively exploited vulnerability places an estimated two million Cisco networking devices at significant risk. This critical security flaw, designated CVE-2025-20352, enables attackers to either crash systems entirely or execute malicious code with the highest level of system privileges. The issue affects all currently supported versions of the Cisco IOS and Cisco IOS XE operating systems, which run on a vast array of the company’s switches and routers. Security researchers have assigned the vulnerability a severity score of 7.7 out of 10, underscoring its potential for damage.

Cisco’s Product Security Incident Response Team (PSIRT) confirmed it became aware of active exploitation in real-world environments. The company has issued a firm recommendation for all customers to immediately install updated software that contains a fix. The vulnerability stems from a stack overflow bug within the component responsible for processing the Simple Network Management Protocol (SNMP). This protocol is commonly used for collecting performance data from network devices. Attackers can trigger the flaw by sending specially crafted SNMP packets to a vulnerable device.

For an attacker to achieve the more severe outcome of remote code execution, two specific conditions must be met. First, they need to possess the read-only community string, which is a form of password used for SNMP access. These strings are often set to a default value when a device is shipped and, even if changed, may be common knowledge within an organization. Second, the attacker must have some level of user privileges on the target system. If both conditions are satisfied, the attacker can run any code they choose with unrestricted root-level authority over the device.
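Because the read-only community string is one of the two preconditions described above, a quick first check on an exposed device is whether its SNMP configuration still carries a default or weak community string. The following audit script is an added example, not code from the article or from Cisco; it assumes the Cisco IOS configuration syntax `snmp-server community <string> [view <name>] RO|RW [acl]` and runs over a constructed running-config excerpt.

```python
import re

# Constructed sample running-config excerpt; not from the article or any real device.
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk9#mon-2025 RO 10
snmp-server community monitoring RO
!
access-list 10 permit 192.0.2.10
"""

# Assumption: a short practitioner denylist of widely shipped default strings,
# not an exhaustive list of every vendor default.
DEFAULT_STRINGS = {"public", "private", "cisco", "admin"}

# Matches: snmp-server community <string> [view <name>] RO|RW [acl]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+view\s+\S+)?\s+(RO|RW)(?:\s+(\S+))?",
    re.IGNORECASE,
)


def audit_snmp_communities(config: str) -> list:
    """Return one finding per 'snmp-server community' line, flagging default
    strings, write access, and communities not restricted by an access list."""
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        community, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        flags = []
        if community.lower() in DEFAULT_STRINGS:
            flags.append("default-community")
        if mode == "RW":
            flags.append("write-access")
        if acl is None:
            flags.append("no-acl")
        findings.append({"community": community, "mode": mode, "acl": acl, "flags": flags})
    return findings


def risky_communities(config: str) -> list:
    """Community strings that raised at least one flag."""
    return [f["community"] for f in audit_snmp_communities(config) if f["flags"]]


if __name__ == "__main__":
    for finding in audit_snmp_communities(SAMPLE_CONFIG):
        print(finding)
```

Run it against `show running-config` output saved from a device; any community listed by `risky_communities` is worth rotating or restricting before the fixed software release is rolled out.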

(Source: Ars Technica)


The Wiz