CVE-2025-20352: Zero-Day in Cisco IOS & IOS XE SNMP Exploited, Allows DoS and Root RCE
CVE-2025-20352 is a critical zero-day vulnerability in Cisco IOS and IOS XE Software that is actively being exploited in the wild. It stems from a stack overflow in the Simple Network Management Protocol (SNMP) subsystem and has been assigned a CVSS score of 7.7 (High). Cisco confirmed in-the-wild exploitation after attackers obtained local administrator credentials.

The vulnerability enables two distinct attack scenarios depending on the attacker's privilege level:

1) Denial of Service (DoS): A remote, authenticated attacker with low-level privileges can trigger a DoS if they possess the SNMPv2c (or earlier) read-only community string, or valid SNMPv3 user credentials.
2) Remote Code Execution (RCE): A remote, authenticated attacker with high-level privileges can achieve root-level code execution on affected devices. This requires the SNMPv1 or v2c read-only community string, or valid SNMPv3 user credentials, combined with administrative or privilege-15 access.

Detections
- Monitor public-facing services for exploitation patterns — unusual POST bodies, deserialization payloads
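
Both scenarios above depend on the attacker holding an SNMPv1/v2c community string or SNMPv3 credentials, so a useful first check is which devices expose SNMP without a source restriction. The following is an added example, not code from Cisco or the source report: it audits the `snmp-server` lines of an IOS running-config, and the sample config, the `GUESSABLE` list, the issue labels and the function names are all assumptions made for illustration.

```python
# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
access-list 10 permit 192.0.2.10
snmp-server community public RO
snmp-server community n0c-Mon1tor view NOCVIEW RO 10
snmp-server community rw-Ops RW ipv6 MGMT6
snmp-server group NOC v3 priv access 10
snmp-server group LEGACY v3 noauth
snmp-server location rack 12
"""

GUESSABLE = {"public", "private", "cisco"}  # assumed list of default-style strings


def parse_community(tokens):
    """Parse the words after 'snmp-server community' (name, view, RO/RW, ACLs)."""
    entry = {"name": tokens[0], "mode": "RO", "view": None, "acls": []}
    words = iter(tokens[1:])
    for word in words:
        if word.lower() == "view":
            entry["view"] = next(words, None)
        elif word.upper() in ("RO", "RW"):
            entry["mode"] = word.upper()
        elif word.lower() == "ipv6":
            entry["acls"].append("ipv6:" + next(words, ""))
        else:
            entry["acls"].append(word)  # numbered or named IPv4 ACL
    return entry


def audit_snmp(config):
    """Return (line_number, issue) pairs; community strings are never echoed."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if t[:2] == ["snmp-server", "community"] and len(t) > 2:
            c = parse_community(t[2:])
            # A read-only string is enough for the DoS case, so RO counts too.
            if c["name"].lower() in GUESSABLE:
                findings.append((n, "guessable-community"))
            if not c["acls"]:
                findings.append((n, "community-without-acl"))
        elif t[:2] == ["snmp-server", "group"] and len(t) > 4 and t[3] == "v3":
            if t[4] == "noauth":
                findings.append((n, "v3-group-noauth"))
            if "access" not in t[5:]:
                findings.append((n, "v3-group-without-acl"))
    return findings


if __name__ == "__main__":
    for line_no, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_no}: {issue}")
```

SNMPv3 users created with `snmp-server user` are not shown in the IOS running configuration, so this audit covers communities and groups only; review users on the device with `show snmp user`.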