Cisco Systems today warned that a serious vulnerability CVE-2025-20352 is being exploited in the wild. This flaw is now being actively exploited in the wild. This vulnerability has a CVSS score of 7.7. It represents the greatest risk ever found to IoT devices powered by Cisco in IOS. Cisco found that the local Administrator credentials were obtained. This shocking discovery puts an important responsibility on all users to act quickly and decisively.
Cisco released a security advisory describing the results in detail. It contains deep technical insight on CVE-2025-20352 and what it means. The advisory is available at Cisco Security Advisory.
Nature and Impact of the Vulnerability
CVE-2025-20352 is classified as a high vulnerability against all versions of Simple Network Management Protocol (SNMP). Cisco further stated that all devices where SNMP is turned on are susceptible. Submission impacts equally, if those devices have not transpired precautions to exclude the impacted object identifier (OID).
Cisco stated, “This vulnerability affects all versions of SNMP. All devices that have SNMP enabled and have not explicitly excluded the affected object ID (OID) should be considered vulnerable.” The global ubiquity of this issue leaves us all extremely vulnerable to remote attack and unauthorized access and manipulation of network devices.
Exploitation and Security Measures
According to a recent advisory by Cisco, CVE-2025-20352 was subject to active exploitations. Users should quickly scan their environments for vulnerable systems. The company strongly encourages that app administrators act now to reduce potential risks related to this event.
In their advisory, Cisco suggested, “Administrators can disable the affected OIDs on a device,” as a precautionary measure. Implementation of this recommendation would help prevent the critical systems from being attacked, which could yield deadly effects by undermining network integrity or availability.
Recommendations for Users
Cisco recommends that all network administrators double-check their configurations. Careful implementation of basic measures in cloud environments will protect against all of the threats introduced by CVE-2025-20352. This involves disabling impacted OIDs and making sure all security measures are current.
With this vulnerability now being exploited at-will, swift action has never been more important. Public and private organizations that use Cisco’s IOS software must make the deployment of best security practices a top priority in order to prevent potential unauthorized access attempts.