2 Million Cisco Devices Exposed — Critical SNMP Zero-Day (CVE-2025-20352)

2 Million Cisco Devices Exposed on the Internet

And a Zero-Day Vulnerability Actively Exploited

The Vulnerability: CVE-2025-20352

Recently discovered in the SNMP subsystem of Cisco IOS and IOS-XE, this flaw is:

• A buffer overflow — exploitable via a single crafted SNMP packet
• Authenticated attackers with low privileges can trigger a Denial of Service (DoS)
• Privileged attackers can achieve root-level remote code execution

Result: full compromise of vulnerable Cisco devices.
And since over 2 million SNMP interfaces are directly exposed to the Internet, the impact is massive.

Cisco’s Statement

Cisco confirmed that the vulnerability is already being exploited by cybercriminal groups and state-sponsored actors.
There’s no workaround — only the patch fixes the issue.

As a temporary (but weak) mitigation, you can restrict SNMP access to trusted users only — though that’s just a band-aid on an open wound.

Context: Cyber Warfare Implications

In parallel, the U.S. government has offered a $10 million bounty for three Russian FSB agents accused of exploiting Cisco vulnerabilities to infiltrate critical infrastructures in 135 countries.

This clearly shows how such vulnerabilities are becoming geopolitical weapons.

To make matters worse, Cisco patched 13 other vulnerabilities on the same day — including XSS and DoS flaws.

A Harsh Reminder

• SNMP, a legacy protocol from the 1990s, remains an underestimated entry point
• The attack surface of routers and switches is massive — and too often poorly managed

The Real Question

It’s no longer “Will we be targeted?”
But rather:

“When — and by whom?”

Take Immediate Action

Let’s be clear: apply the patch now.
Not tomorrow.
Not next month.
Now.

Sources

• Cisco Security Advisory — CVE-2025-20352
• CERT-FR Advisory — 2025-AVI-0818