Alert: High-Severity SNMP Vulnerability in Cisco IOS and IOS XE (CVE-2025-20352)

Cisco has identified a high-severity zero-day vulnerability, CVE-2025-20352 (CVSS 7.7), affecting the Simple Network Management Protocol (SNMP) component in IOS and IOS XE Software. The vulnerability is currently being actively exploited and could allow an authenticated remote attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on vulnerable devices.
 
Affected Systems:
Devices are vulnerable if SNMP is enabled. Affected products include:
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Meraki MS390 switches running Meraki CS 17 or earlier
  • Cisco Catalyst 9300 Series switches running Meraki CS 17 or earlier
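
Since exposure depends on SNMP being enabled, the following Python script (an added example, not part of the original alert or of Cisco's advisory) checks exported IOS / IOS XE running-config text for SNMP access configuration. The sample configuration, hostname, community string and function name are constructed for illustration.

```python
import re

# Constructed sample of an exported running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community EXAMPLE-STRING RO 10
snmp-server group NETOPS v3 priv
snmp-server location rack-12
no snmp-server enable traps
!
"""

# SNMPv1/v2c access is granted by community lines, SNMPv3 access by group lines.
_COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$", re.IGNORECASE)
_GROUP = re.compile(r"^snmp-server group (\S+) (v1|v2c|v3)\b", re.IGNORECASE)


def audit_snmp(config_text):
    """Summarise SNMP access configured in IOS / IOS XE running-config text."""
    communities, groups = [], []
    for raw in config_text.splitlines():
        line = raw.strip()  # negated "no snmp-server ..." lines never match
        m = _COMMUNITY.match(line)
        if m:
            options = m.group(2).upper().split()
            # Read-only is the default when neither RO nor RW is given.
            access = "RW" if "RW" in options else "RO"
            # The community string is a credential: never echo it in reports.
            communities.append({"community": "<redacted>", "access": access})
            continue
        m = _GROUP.match(line)
        if m:
            groups.append({"group": m.group(1), "version": m.group(2).lower()})
    return {
        "snmp_enabled": bool(communities or groups),
        "communities": communities,
        "groups": groups,
    }


if __name__ == "__main__":
    print(audit_snmp(SAMPLE_CONFIG))
```

Devices for which snmp_enabled is true are the ones to check first against the fixed software versions listed in the Cisco Security Advisory.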
 
Security Risks
Successful exploitation by an attacker with SNMP access and valid credentials may crash the device or enable execution of arbitrary code with root-level privileges, potentially resulting in full system compromise and widespread network disruption.
 
Recommended Actions
The National Cyber Security Authority (NCSA) recommends that users and system administrators:
  • Apply the Cisco updates that address the SNMP vulnerability. For detailed information on affected products, mitigation steps and fixed software versions, please refer to the Cisco Security Advisory.
  • Ensure you have the latest backup, one that can be restored easily, before applying any updates or patches.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or by phone on 9009.

25 September 2025

© 2025 National Cyber Security Authority