πŸ”΄ CVE-2025-20352

Critical SNMP stack overflow vulnerability in Cisco IOS/IOS XE that allows remote code execution with high privileges or denial of service with low privileges. Actively exploited in the wild against network infrastructure devices commonly exposed to the internet.

← Back to Overview
HIGH_RISK
Risk Level
7.7
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 β€” Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-24

Added to CISA KEV: 2025-09-29 5 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-09-29)

CVE-2025-20352 is a high-severity vulnerability affecting the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software [2]. Here's what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects internet-facing applications and services running vulnerable Cisco software.
  • Active exploitation: There is evidence of active exploitation of this vulnerability in the wild [2]. Cisco has confirmed it is being used as a zero-day RCE (Remote Code Execution) vulnerability [2].
  • Attack vectors and exploitation methods: An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks [1]. To cause a DoS, the attacker needs to have low-level privileges [1].
  • Targeted attacks: While not explicitly stated, the active exploitation suggests it may be used in targeted attacks.
  • CISA Known Exploited Vulnerabilities (KEV) status: While CVE-2025-20352 is not explicitly listed in the CISA KEV catalog, related vulnerabilities have been added [3].
  • Technical details about internet exploitability: The vulnerability can be exploited over IPv4 or IPv6 networks by sending crafted SNMP packets to a vulnerable device [1]. The attacker needs to have authenticated, low-privileged, remote access [1].

Sources

  1. NVD - CVE-2025-20352

    An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This ...

  2. Cisco uncovers new SNMP vulnerability used in attacks on ...

    Designated CVE-2025-20352, the vulnerability resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco's core network software ...

  3. CVE-2025-20333 - Exploits & Severity - Feedly

    CVE-2025-20333 is a critical vulnerability that has been exploited in the wild, as indicated by evidence linking it to an ongoing attack campaign. Patches are available in the first fixed releases for Cisco ASA and FTD software, and users are advised to migrate to these fixed releases to mitigate th…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed