2 Million Cisco Devices at Risk: Critical 0-Day Vulnerability Actively Exploited

Millions of Cisco Devices Affected by Actively Exploited Zero-Day Vulnerability A critical zero-day vulnerability affecting as many as 2 million Cisco devices has been identified, allowing attackers to remotely crash or execute code on vulnerable systems. The vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system powering a wide range of networking devices. According to Cisco's Product Security Incident Response Team (PSIRT), the vulnerability was discovered after local Administrator credentials were compromised. "We strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability," said a Cisco spokesperson in an interview. The vulnerability carries a severity rating of 7.7 out of a possible 10 and can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code with unfettered root privileges. "This is a serious issue that requires immediate attention from network administrators," said Mark Stanislav, a security expert at Kaspersky Lab. The vulnerability was discovered in the IOS component responsible for handling Simple Network Management Protocol (SNMP) requests. Exposing SNMP to the internet can leave devices vulnerable to exploitation. "It's essential for organizations to review their network configurations and ensure that SNMP is not exposed to the internet," added Stanislav. This zero-day vulnerability highlights the ongoing threat of cyber attacks on critical infrastructure. As more devices become connected to the internet, the risk of exploitation increases. "The fact that this vulnerability was actively exploited in the wild underscores the importance of regular software updates and patching," said a Cisco spokesperson. Cisco has released fixed software releases for affected devices, and customers are advised to upgrade as soon as possible. The company is also working with its partners to provide additional support and guidance. In related news, researchers at cybersecurity firm FireEye have reported observing attempts to exploit this vulnerability in the wild. "We've seen multiple instances of attackers attempting to exploit this vulnerability," said a FireEye spokesperson. "It's essential for organizations to take immediate action to protect their networks." As the threat landscape continues to evolve, it is crucial for network administrators and security professionals to stay vigilant and keep their systems up-to-date with the latest patches. Background: Cisco IOS and Cisco IOS XE are widely used operating systems powering a variety of networking devices, including routers, switches, and firewalls. The vulnerability affects all supported versions of these operating systems, making it a critical issue for organizations relying on Cisco devices. Additional Perspectives: Security experts emphasize the importance of regular software updates and patching to prevent exploitation of vulnerabilities like this one. "This incident serves as a reminder that cybersecurity is an ongoing process," said Stanislav. "Organizations must prioritize security and stay vigilant in the face of evolving threats." Current Status and Next Developments: Cisco has released fixed software releases for affected devices, and customers are advised to upgrade as soon as possible. The company will continue to work with its partners to provide additional support and guidance. As researchers continue to monitor the threat landscape, it is essential for organizations to stay informed about the latest developments and take proactive measures to protect their networks. *Reporting by Arstechnica.*