Cisco security patch release for CVE-2025-20352

Security Patch Release
Happening score (H score): 54
2 unique sources, 3 articles

Summary

Cisco released security updates for Cisco IOS and IOS XE Software to fix CVE-2025-20352, a zero-day in the SNMP subsystem that was exploited in the wild. The flaw is a stack overflow in routers and switches that can be triggered with crafted SNMP packets; low-privileged attackers could cause DoS, while high-privileged attackers could achieve remote code execution as root on affected devices, including Meraki MS390 and Catalyst 9300 switches running Meraki CS 17 and earlier. Cisco said the vulnerability was fixed in Cisco IOS XE Software Release 17.15.4a and urged administrators to update to a patched release as soon as possible. Cisco also said operators who cannot upgrade immediately should limit SNMP access to trusted users as a temporary mitigation, and the same release addressed 13 other vulnerabilities.

Related Happenings

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

Cisco security patch release for CVE-2026-20188

Security Patch Release
First: 06.05.2026 21:06 Last: 06.05.2026 21:06 Sources 1

About this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...

Linux kernel security update for Copy Fail (CVE-2026-31431)

Security Patch Release
First: 30.04.2026 16:54 Last: 30.04.2026 16:54 Sources 1

About this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...

Cisco security patch release for CVE-2026-20184

Security Patch Release
First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Timeline

  1. 16.10.2025 21:13 1 article · 7mo ago

    Threat actors deploy Linux rootkit on Cisco switches via CVE-2025-20352

    Exploitation Observed

    Trend Micro says threat actors exploited CVE-2025-20352 in Cisco IOS and IOS XE SNMP on older Cisco 9400, 9300, and legacy 3750G series devices to deploy a Linux rootkit, gain persistent access, and attempt CVE-2017-3881 as part of Operation Zero Disco.

  2. 24.09.2025 19:52 2 articles · 8mo ago

    Cisco releases fixes for exploited IOS zero-day CVE-2025-20352

    Initial Disclosure

    Cisco releases security updates for Cisco IOS and IOS XE Software to remediate CVE-2025-20352, a high-severity zero-day stack-based buffer overflow in the SNMP subsystem affecting devices with SNMP enabled. On unpatched systems, authenticated remote attackers with low privileges can trigger denial-of-service conditions, and high-privileged attackers can gain complete control of vulnerable Cisco IOS XE systems by executing code as root.

  3. 24.09.2025 19:52 2 articles · 8mo ago

    Cisco advises upgrade and temporary SNMP restriction

    Mitigation Patch Update

    Cisco says the Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation after local Administrator credentials were compromised, and the company recommends upgrading to a fixed software release to fully remediate the vulnerability. If immediate upgrading is not possible, administrators can temporarily limit SNMP access on affected systems to trusted users, and Cisco also says it patched 13 other security vulnerabilities in the same release, including CVE-2025-20240 and CVE-2025-20149.
