Cybersecurity Threat Advisory: Cisco IOS and IOS XE SNMP vulnerability

Several vulnerability advisories were issued that impact devices using Cisco IOS and Cisco IOS XE firmware. Most notably, CVE-2025-20352 has already been observed in active exploitation. Continue reading this Cybersecurity Threat Advisory to mitigate your risks from this vulnerability.

What is the threat?

CVE-2025-20352 affects Meraki MS390 and Cisco Catalyst 9300 Series Switches running Meraki CS 17 and earlier. The vulnerability stems from a stack overflow condition present in all versions of SNMP. It is triggered by a crafted SNMP packet combined with a valid community string or SNMPv3 credentials. Lower privileges assigned to the target object may result in a denial-of-service (DoS) condition, while higher privileges could allow execution of arbitrary code.

Why is it noteworthy?

There are currently no workarounds or patches available, and the vulnerability has already been observed in active exploitation. To mitigate the risk, administrators are advised to restrict SNMP permissions to trusted users and disable the affected OIDs.

What is the exposure or risk?

Because the design and implementation of SNMP are geared towards external communication, all accounts set up for this protocol are exposed.

What are the recommendations?

Barracuda recommends the following actions to mitigate your risks:

  • Configure SNMPv3 to use both authentication and encryption features to enhance network security.
  • Audit accounts with SNMP privileges, following the principle of least privilege and enforcing strong passwords. If that is not possible, ensure the community string is changed regularly.
  • Ensure the affected OID(s) have been removed from the configuration file, and that any default strings have been changed accordingly.
  • Disable versions of SNMP that aren’t in use, or disable SNMP entirely. Environments using SNMPv3 that want additional hardening can combine it with MIB whitelisting using SNMP views.
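
The recommendations above can be checked against a saved running configuration. The following is an added example, not code from Barracuda or Cisco: a small auditor that flags default or read-write community strings, communities and SNMPv3 groups without a view or ACL, and SNMPv3 groups below the `priv` (authentication plus encryption) level. It assumes Cisco IOS `snmp-server community` and `snmp-server group` syntax; the sample configuration is constructed and the finding codes are hypothetical names.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
snmp-server view RESTRICTED system included
snmp-server community public RO
snmp-server community n0c-Mon1tor view RESTRICTED RO 10
snmp-server community ops-write RW 10
snmp-server group MONITOR v3 priv read RESTRICTED access 10
snmp-server group LEGACY v3 auth
"""

DEFAULT_STRINGS = {"public", "private"}
COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$")
GROUP = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)(.*)$")


def audit_snmp(config):
    """Return (line_number, finding_code) pairs for weak SNMP settings."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := COMMUNITY.match(line):
            name, opts = m.group(1), m.group(2).split()
            if name.lower() in DEFAULT_STRINGS:
                findings.append((n, "default-community"))
            if "RW" in (o.upper() for o in opts):
                findings.append((n, "community-rw"))
            has_view = opts[:1] == ["view"]
            if not has_view:
                findings.append((n, "community-no-view"))
            # Drop "view NAME" and RO/RW; anything left is treated as an ACL.
            rest = opts[2:] if has_view else opts
            if not [o for o in rest if o.upper() not in ("RO", "RW")]:
                findings.append((n, "community-no-acl"))
        elif m := GROUP.match(line):
            level, opts = m.group(2), m.group(3).split()
            if level != "priv":  # priv = authentication and encryption
                findings.append((n, "v3-not-authpriv"))
            if "read" not in opts:
                findings.append((n, "v3-no-read-view"))
            if "access" not in opts:
                findings.append((n, "v3-no-acl"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}")
```

Any community line the auditor matches also indicates that SNMPv1/v2c is still enabled, which is worth reviewing against the advice to disable unused versions.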

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.