
As many as 2 million Cisco devices are at risk from a critical zero-day vulnerability that can be exploited to remotely crash systems or execute unauthorized code. Cisco disclosed the flaw on Wednesday and is tracking it as CVE-2025-20352. It is present in all supported versions of Cisco IOS and Cisco IOS XE, the operating systems that power a wide array of Cisco's networking equipment.

The impact depends on the attacker's privilege level: users with low privileges can launch denial-of-service attacks, while higher-privileged users could execute malicious code with root access. The vulnerability has been assigned a severity rating of 7.7 out of 10, indicating a significant risk.

The Cisco Product Security Incident Response Team (PSIRT) said it became aware of successful exploitation in the wild after local administrator credentials were compromised. In its advisory, Cisco strongly urged customers to upgrade to a patched software version to mitigate the risk.

The root cause is a stack overflow in the IOS component that processes SNMP (Simple Network Management Protocol) data, the protocol routers and other network devices use to manage information within a network. Attackers can exploit the flaw by sending specially crafted SNMP packets.

To execute malicious code, an attacker needs a read-only community string, a form of SNMP authentication that is often pre-configured on devices. Even when administrators change these strings, they are frequently widely known within an organization, which makes them a weak barrier. The attacker must also hold certain privileges on the targeted system to achieve remote code execution (RCE) with root-level permissions.
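Because a read-only community string is one of the prerequisites described above, a quick inventory of how community strings are configured is a useful check alongside the upgrade. The following is an added example, not Cisco's code or part of the original article: it parses `snmp-server community` lines from an IOS running-config and flags well-known strings and communities with no source ACL. The sample config, the `WELL_KNOWN` list and the function name are assumptions made for illustration, and the ACL check goes beyond what the article itself covers.

```python
# Constructed sample of an IOS running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community n3tm0n-ro RO 10
snmp-server community ops-write view OPSVIEW RW ipv6 V6MGMT MGMT-ACL
snmp-server location rack 12
access-list 10 permit 192.0.2.0 0.0.0.255
"""

# Assumption: a short list of commonly seen default strings; extend it as needed.
WELL_KNOWN = {"public", "private", "cisco"}


def audit_snmp_communities(config_text):
    """Return one finding dict per 'snmp-server community' line."""
    findings = []
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["snmp-server", "community"] or len(tokens) < 3:
            continue
        name, rest = tokens[2], tokens[3:]
        # IOS treats a community as read-only when neither RO nor RW is given.
        mode, view, acl, ipv6_acl = "ro", None, None, None
        i = 0
        while i < len(rest):
            tok = rest[i].lower()
            if tok in ("ro", "rw"):
                mode = tok
            elif tok == "view" and i + 1 < len(rest):
                view, i = rest[i + 1], i + 1
            elif tok == "ipv6" and i + 1 < len(rest):
                ipv6_acl, i = rest[i + 1], i + 1
            else:
                acl = rest[i]  # trailing standard ACL number or name
            i += 1
        issues = []
        if name.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if acl is None and ipv6_acl is None:
            issues.append("no ACL restricting SNMP sources")
        findings.append({"community": name, "mode": mode, "view": view,
                         "acl": acl, "ipv6_acl": ipv6_acl, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_snmp_communities(SAMPLE_CONFIG):
        print(finding)
```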