Cisco has disclosed 14 security vulnerabilities in its IOS and IOS XE systems, including a critical zero-day that is already being actively exploited by cybercriminals. The zero-day in question, identified as CVE-2025-20352, with a CVSS score of 7.7, affects the SNMP protocol and allows code execution with root privileges on network devices.
The company has confirmed active attacks in which this flaw was exploited after local administrative credentials had been compromised. Depending on the attacker’s privileges, exploitation can result in denial of service or full code execution as root.
In addition to the zero-day, other vulnerabilities stand out: CVE-2025-20334 (CVSS 8.8) allows command injection into the IOS XE HTTP API, enabling arbitrary code execution as root; CVE-2025-20160 (CVSS 8.1) is an authentication bypass in TACACS+; and CVE-2025-20315 (CVSS 8.6) can lead to denial of service.
Cisco has released software updates that should be applied immediately. The recommended patched version is IOS XE Release 17.15.4a or higher. As temporary mitigations, you can restrict SNMP access to trusted users, disable affected OIDs, and monitor connections using the command "show snmp host".
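One way to check the first mitigation offline, as an added example that is not Cisco's or SEK's code: the Python script below scans a saved running-config for snmp-server community and group entries that carry no IPv4 access list. The sample config, community strings and ACL number are constructed, and only the IPv4 ACL argument is checked.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
snmp-server view RESTRICTED iso included
snmp-server community examplero RO
snmp-server community examplemgmt view RESTRICTED RO 10
snmp-server community examplerw RW
snmp-server group OPS v3 priv read RESTRICTED access 10
snmp-server group LEGACY v3 auth
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$")
GROUP_RE = re.compile(r"^snmp-server group (\S+) (?:v1|v2c|v3)\b(.*)$")


def parse_community(tokens):
    """Return (mode, ipv4_acl) from the tokens that follow the community string."""
    mode, acl, i = "RO", None, 0  # IOS treats a community as read-only by default
    while i < len(tokens):
        tok = tokens[i]
        if tok.lower() in ("view", "ipv6"):
            i += 1  # skip the keyword's argument as well
        elif tok.upper() in ("RO", "RW"):
            mode = tok.upper()
        else:
            acl = tok  # remaining token is the standard ACL number or name
        i += 1
    return mode, acl


def audit_snmp(config):
    """List SNMP communities and groups that any IPv4 source may query."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if m := COMMUNITY_RE.match(line):
            mode, acl = parse_community(m.group(2).split())
            if acl is None:
                findings.append((lineno, "community", m.group(1), mode))
        elif m := GROUP_RE.match(line):
            if "access" not in m.group(2).split():
                findings.append((lineno, "group", m.group(1), "no access list"))
    return findings


if __name__ == "__main__":
    print(*audit_snmp(SAMPLE_CONFIG), sep="\n")
```

Each finding is a tuple of line number, entry type, name and either the access mode or the reason it was flagged; RW communities without an ACL deserve attention first.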
Find out more at:
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75296
SEK emphasizes that this situation requires an immediate response due to confirmed active exploitation. Organizations that delay applying the fixes are exposed to a total compromise of critical infrastructure. We remain available to support our customers in implementing the necessary measures.