PT-2025-39307 · Cisco · Cisco IOS +1

Published 2025-09-24 · Updated 2025-11-19 · CVE-2025-20352

CVSS v2.0
9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Cisco IOS and IOS XE Software versions prior to IOS XE 17.15.4a

Description

A vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software. This flaw, a stack overflow condition, allows an authenticated remote attacker with low privileges to cause a denial of service (DoS) condition by sending a crafted SNMP packet. An attacker with high privileges can execute code as the root user, gaining full control of the system. This vulnerability is actively exploited in the wild, with attackers deploying Linux rootkits. Operation Zero Disco is the name given to the campaign exploiting this flaw. Approximately 1.2 million devices are potentially exposed. The vulnerability affects all versions of SNMP. Attackers are leveraging SNMPv1 or v2c with read-only community strings or valid SNMPv3 credentials to exploit the vulnerability.

Recommendations

Update Cisco IOS and IOS XE Software to version 17.15.4a or later. Restrict SNMP access to trusted hosts. Consider disabling SNMPv1 and v2c and transitioning to SNMPv3 with authentication and encryption. Monitor for unusual SNMP traffic and potential signs of compromise.
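
One way to check a saved running-config against the recommendations above (ACL restriction, no SNMPv1/v2c, SNMPv3 with encryption), given as an added example that is not part of the original advisory or any Cisco tooling. The config excerpt is constructed, `audit_snmp` and `community_has_acl` are hypothetical helper names, and the parser assumes the common `snmp-server community` and `snmp-server group` line forms.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
snmp-server community public RO
snmp-server community n0c-r34d view MGMT RO 10
snmp-server group LEGACY v2c access 10
snmp-server group NOPRIV v3 auth
snmp-server group OPS v3 priv access SNMP-MGMT
access-list 10 permit 192.0.2.10
"""

# Assumption: lines follow the common IOS forms for community and group commands.
COMMUNITY = re.compile(r"snmp-server community \S+(.*)", re.I)
GROUP = re.compile(r"snmp-server group \S+ (v1|v2c|v3)(?: (auth|noauth|priv))?(.*)", re.I)

def community_has_acl(rest):
    """True if tokens remain after removing 'view <name>' and the RO/RW keyword."""
    tokens = rest.split()
    if "view" in tokens:
        i = tokens.index("view")
        del tokens[i:i + 2]
    return any(t.lower() not in ("ro", "rw") for t in tokens)

def audit_snmp(config):
    """Return (line_number, finding) pairs; line text is omitted so secrets stay out of reports."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := COMMUNITY.fullmatch(line):
            findings.append((n, "SNMPv1/v2c community string in use"))
            if not community_has_acl(m.group(1)):
                findings.append((n, "community not restricted by an ACL"))
        elif m := GROUP.fullmatch(line):
            version, level, rest = m.group(1).lower(), (m.group(2) or "").lower(), m.group(3)
            if version != "v3":
                findings.append((n, "SNMPv1/v2c group"))
            elif level != "priv":
                findings.append((n, "SNMPv3 group without encryption (priv)"))
            if "access" not in rest.lower().split():
                findings.append((n, "group not restricted by an ACL"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```

A clean result only means the SNMP statements match the recommendations; it does not show that the device runs a fixed software version.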

Fix

RCE

DoS

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-12385
CVE-2025-20352

Affected Products

Cisco IOS
Cisco IOS XE