Article Details

Scrape Timestamp (UTC): 2025-09-25 11:48:47.175

Source: https://www.theregister.com/2025/09/25/zeroday_deja_vu_another_cisco/

Original Article Text

Zero-day deja vu as another Cisco IOS bug comes under attack

The latest in a run of serious networking bugs gives attackers root if they have SNMP access.

Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.

Cisco's IOS, the networking software workhorse running across countless switches and routers, has long been a punching bag for attackers, most notably in a 2023 spree that left thousands of boxes compromised. The networking behemoth added yet another high-severity IOS flaw to the tally this week.

Tracked as CVE-2025-20352, the vulnerability lives in the Simple Network Management Protocol (SNMP) subsystem and can be tripped with a malicious packet over IPv4 or IPv6 whenever SNMP is enabled. Attackers with low-privilege SNMP creds can crash a device, while those with higher-privilege access can run arbitrary code as root – a straight shot to total box compromise.

"The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised," the company said. "Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."

Cisco hasn't named the culprits behind the exploitation or disclosed how widespread the attacks are, and it also failed to respond to The Register's questions in time for publication.

There's no clever workaround this time, and the only reliable mitigation is to patch. Cisco suggests admins can buy themselves a little time by restricting SNMP access to trusted management hosts, but that's cold comfort if the attacker is already inside the fence.

Alongside this fix, Cisco bundled updates for a cross-site scripting vulnerability and a denial-of-service flaw, though CVE-2025-20352 is the one that is raising the alarm bells.

Given Cisco's track record of IOS zero-days being hammered in the wild, anyone leaving this one until the next maintenance window is taking a gamble they'll probably lose.
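The stopgap the article mentions, restricting SNMP to trusted management hosts, is something an admin can verify by reading the running-config before the patch window arrives. The script below is an added example, not Cisco's code and not from the article: it scans an IOS/IOS XE configuration for SNMPv1/v2c communities and SNMPv3 groups that are not bound to an access list and rebuilds each offending line with an ACL appended. It assumes the standard IOS forms `snmp-server community <string> [RO|RW] [<acl>]` and `snmp-server group <name> v3 {auth|noauth|priv} [access <acl>]`; the config excerpt, hostname, addresses and ACL number 10 are constructed for the example.

```python
"""Audit a Cisco IOS / IOS XE running-config for SNMP exposure.

Added example, not Cisco's code: it flags every SNMPv1/v2c community and every
SNMPv3 group that is not bound to an access list, i.e. the "restrict SNMP to
trusted management hosts" mitigation the advisory describes. The config text
below is constructed for the example; the ACL number and names are assumptions.
"""
import re

# Constructed running-config excerpt: one community restricted by ACL 10,
# one read-only and one read-write community open to any source address,
# and two SNMPv3 groups, only one of which carries an ACL.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
!
snmp-server community mgmt-ro RO 10
snmp-server community public RO
snmp-server community rw-comm RW
snmp-server group NETMON v3 priv
snmp-server group NETMON-ACL v3 priv access 10
!
end
"""

# snmp-server community <string> [view <name>] [RO|RW] [ipv6 <nacl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>RO|RW))?(?P<rest>.*)$",
    re.IGNORECASE,
)
# snmp-server group <name> {v1|v2c|v3 {auth|noauth|priv}} [...] [access [...] <acl>]
GROUP_RE = re.compile(
    r"^snmp-server group (?P<name>\S+)\s+(?P<ver>v1|v2c|v3)"
    r"(?:\s+(?P<sec>auth|noauth|priv))?(?P<rest>.*)$",
    re.IGNORECASE,
)


def audit_snmp(config: str) -> list:
    """Return one finding dict per SNMP community/group reachable from any address.

    A config containing 'no snmp-server' has the agent disabled and yields no findings.
    """
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.lower() == "no snmp-server":
            return []
        m = COMMUNITY_RE.match(line)
        if m:
            mode = (m.group("mode") or "RO").upper()
            if not m.group("rest").strip():          # nothing after RO/RW -> no ACL
                findings.append({
                    "line": lineno, "kind": "community", "name": m.group("name"),
                    "mode": mode,
                    "issue": f"SNMPv1/v2c {mode} community not bound to an ACL",
                })
            continue
        m = GROUP_RE.match(line)
        if m:
            tokens = m.group("rest").lower().split()
            if "access" not in tokens:               # no 'access <acl>' clause
                findings.append({
                    "line": lineno, "kind": "group", "name": m.group("name"),
                    "ver": m.group("ver").lower(),
                    "sec": (m.group("sec") or "").lower(),
                    "issue": "SNMPv3 group not bound to an ACL",
                })
    return findings


def remediation(finding: dict, acl: str) -> str:
    """Rebuild the offending line in its minimal form with the trusted-host ACL.

    Other clauses on the original line (views, context) must be carried over by hand.
    """
    if finding["kind"] == "community":
        return f"snmp-server community {finding['name']} {finding['mode']} {acl}"
    level = f"{finding['ver']} {finding['sec']}".strip()
    return f"snmp-server group {finding['name']} {level} access {acl}"


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['issue']} ({f['name']})")
        print(f"    suggested: {remediation(f, '10')}")
```

An ACL only limits which source addresses can reach the agent; it does nothing against a party who already holds valid credentials on a permitted host, which is the article's point about the mitigation being cold comfort once an attacker is inside. Treat the output as a patch-prioritisation list rather than a substitute for the fixed release.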

Daily Brief Summary

VULNERABILITIES // Cisco's New Zero-Day Vulnerability Threatens Network Security Worldwide

Cisco confirmed a critical zero-day vulnerability, CVE-2025-20352, affecting IOS and IOS XE software, which attackers are actively exploiting.

The flaw resides in the SNMP subsystem, allowing attackers with SNMP access to execute arbitrary code with root privileges.

Successful exploitation can lead to full device compromise, posing significant risks to organizations relying on Cisco's networking equipment.

Cisco's Product Security Incident Response Team urges immediate software updates to address the vulnerability, as no workaround is available.

The company advises restricting SNMP access to trusted hosts as a temporary measure, though this is insufficient if attackers have already breached defenses.

This vulnerability is part of a series of serious issues affecting Cisco's IOS, raising concerns about the security of critical network infrastructure.

Organizations delaying patches risk exposure to attacks, given the historical exploitation patterns of Cisco's zero-day vulnerabilities.