Active Exploitation of Cisco IOS Zero-Day Vulnerability Affects Up to 2 Million Devices
Originally Published 3 months ago — by Cyber Security News
Cisco has disclosed a actively exploited zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE software, affecting SNMP protocols and allowing remote code execution or DoS attacks. The flaw, rooted in a stack overflow, impacts all versions with SNMP enabled and has been exploited in the wild after attackers compromised administrator credentials. Cisco recommends immediate software updates and offers mitigation strategies, emphasizing the importance of strong credential management and restricted SNMP access.