Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.

Cisco's IOS, the networking software workhorse running across countless switches and routers, has long been a punching bag for attackers, most notably in a 2023 spree that left thousands of boxes compromised.

The networking behemoth added yet another high-severity IOS flaw to the tally this week. Tracked as CVE-2025-20352, the vulnerability lives in the Simple Network Management Protocol (SNMP) subsystem and can be tripped with a malicious packet over IPv4 or IPv6 whenever SNMP is enabled.

Attackers with low-privilege SNMP creds can crash a device, while those with higher-privilege access can run arbitrary code as root – a straight shot to total box compromise.
