Infographic on Cisco CVE-2025-20352: icons of SNMP packets, RCE/DoS warnings, affected devices (Meraki MS390, Catalyst 9300), exploitation chain (credential hack to root access), and mitigation steps like patching and SNMP view configs.

Cisco disclosed CVE-2025-20352, a zero-day stack overflow (CWE-121) in the SNMP subsystem of IOS and IOS XE software that lets remote attackers trigger RCE or DoS via crafted SNMP packets (v1/v2c/v3) sent over IPv4 or IPv6. Identified during a TAC case, the flaw was confirmed as actively exploited in the wild on September 24, 2025, often after an initial credential compromise, which highlights chained attacks.

Severity varies with the attacker's privileges: low-privileged authenticated attackers (SNMPv2c read-only or SNMPv3 creds) can cause device reloads (DoS), while attackers with high-privileged admin access (level 15) can achieve RCE as root on IOS XE. Vulnerable devices include Meraki MS390 and Catalyst 9300 switches with SNMP enabled; check via "show running-config". No workarounds exist, and Cisco urges immediate patching. As a mitigation, SNMP views can exclude the affected OIDs, though this may disrupt management tools.

The broad impact underscores the risks of SNMP: restrict access to trusted sources, enforce strong creds, and disable SNMP if unused. The advisory (cisco-sa-snmp-x4LPhte) stresses that upgrading is the way to remediate, as exploitation grants full system control and threatens network integrity.
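
An added example (not part of the Cisco advisory or of this page's original text): a small Python audit of saved "show running-config" output that reports whether SNMP is configured and flags community and group lines with no view or no access list. The sample config, the view name RESTRICTED and OID-PLACEHOLDER are constructed for illustration; the real OIDs to exclude come from the advisory.

```python
# Constructed sample of "show running-config" text, not from a real device.
# OID-PLACEHOLDER stands in for an affected OID listed in the Cisco advisory.
SAMPLE_CONFIG = """\
hostname edge-sw1
! OID-PLACEHOLDER below is a placeholder, not a real OID
snmp-server view RESTRICTED iso included
snmp-server view RESTRICTED OID-PLACEHOLDER excluded
snmp-server community monitor-ro view RESTRICTED RO 10
snmp-server community legacy RO
snmp-server group OPS v3 priv read RESTRICTED access 10
snmp-server group NOC v3 auth read MISSING
access-list 10 permit 192.0.2.0 0.0.0.255
"""

def _after(tokens, keyword):
    """Return the token that follows keyword, or None if it is absent."""
    low = [t.lower() for t in tokens]
    if keyword in low and low.index(keyword) + 1 < len(tokens):
        return tokens[low.index(keyword) + 1]
    return None

def audit_snmp(config):
    """Return (snmp_configured, findings); findings are (line_no, issue).
    Community strings are credentials, so findings cite line numbers only."""
    rows = [(n, line.split()) for n, line in enumerate(config.splitlines(), 1)]
    snmp = [(n, t) for n, t in rows if t[:1] == ["snmp-server"]]
    views = {t[2] for _, t in snmp if len(t) > 2 and t[1] == "view"}
    findings = []
    for n, t in snmp:
        if len(t) > 2 and t[1] == "community":
            rest = t[3:]  # syntax: [view NAME] [RO|RW] [ACL]
            view = rest[1] if len(rest) > 1 and rest[0].lower() == "view" else None
            rest = rest[2:] if view else rest
            has_acl = any(x.lower() not in ("ro", "rw") for x in rest)
        elif len(t) > 2 and t[1] == "group":
            view = _after(t[3:], "read")
            has_acl = _after(t[3:], "access") is not None
        else:
            continue
        if view is None:
            findings.append((n, "no view bound"))
        elif view not in views:
            findings.append((n, "view not defined"))
        if not has_acl:
            findings.append((n, "no access list"))
    return bool(snmp), findings

if __name__ == "__main__":
    print(audit_snmp(SAMPLE_CONFIG))
```

A clean result only shows that each community and group is tied to a defined view and an access list; whether the view actually excludes the affected OIDs still has to be checked against the advisory.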
 
