By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Cisco IOS and IOS XE SNMP Denial of Service and Remote Code Execution Vulnerability
CVSS Score: 7.7 (High)
Identifier: CVE-2025-20352
Exploit or Proof of Concept (PoC): Yes – Cisco reports in-the-wild exploitation.
Update: CVE-2025-20352 – Cisco Security Advisory
Description:
CVE-2025-20352 is a vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE. A stack-based buffer overflow (CWE-121) can be triggered by a specially crafted SNMP packet (v1, v2c, or v3) sent over IPv4 or IPv6 to a device with SNMP enabled. Successful exploitation can lead to a denial-of-service condition or remote code execution, depending on context. Exposure applies to IOS/IOS XE devices with SNMP services active.
Mitigation Recommendation:
Patching is currently the only method of mitigation. Please update to the fixed software versions listed in the Cisco Security Advisory. If immediate patching is not feasible, restrict or disable SNMP where possible (limit to trusted managers with ACLs, prefer SNMPv3 with strong authentication and privacy, and block SNMP from untrusted networks) until updates are applied.
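The interim restrictions above can be checked against a saved configuration. The script below is an added example, not RedLegg or Cisco code: it flags SNMPv1/v2c communities, communities with no ACL, and SNMPv3 groups below the `priv` level or without an access ACL. It assumes the common IOS form `snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]`, and the sample configuration and every name in it are constructed.

```python
import re

# Constructed sample (not from a real device): SNMP lines as they would
# appear in a saved IOS/IOS XE running-config. All names are placeholders.
SAMPLE_CONFIG = """\
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-NMS RO SNMP-MANAGERS
snmp-server group LEGACY v3 auth
snmp-server group NMS-GROUP v3 priv access SNMP-MANAGERS
snmp-server location constructed-lab
"""

COMMUNITY = re.compile(r"^snmp-server community \S+(.*)$")
GROUP_V3 = re.compile(r"^snmp-server group \S+ v3 (noauth|auth|priv)(.*)$")


def acl_refs(tokens):
    """Return ACL names on a community line, skipping 'view <name>' and RO/RW."""
    refs, skip_next = [], False
    for tok in tokens:
        if skip_next:
            skip_next = False
        elif tok == "view":
            skip_next = True
        elif tok.upper() not in ("RO", "RW", "IPV6"):
            refs.append(tok)
    return refs


def audit_snmp(config_text):
    """Return (line_number, finding) pairs; community strings are never echoed."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            findings.append((lineno, "SNMPv1/v2c community in use; prefer SNMPv3"))
            if not acl_refs(m.group(1).split()):
                findings.append((lineno, "community has no ACL limiting sources"))
            continue
        m = GROUP_V3.match(line)
        if m:
            level, rest = m.groups()
            if level != "priv":
                findings.append((lineno, f"SNMPv3 group at '{level}', not 'priv'"))
            if "access" not in rest.split():
                findings.append((lineno, "SNMPv3 group has no access ACL"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```

Findings are reported by line number so that community strings do not end up in tickets or logs.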