Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.
Cisco’s IOS, the networking software workhorse running across countless switches and routers, has long been a punching bag for attackers, most notably in a 2023 spree that left thousands of boxes compromised.
The networking behemoth added yet another high-severity IOS flaw to the tally this week. Tracked as CVE-2025-20352, the vulnerability lives in the Simple Network Management Protocol (SNMP) subsystem and can be tripped with a malicious packet over IPv4 or IPv6 whenever SNMP is enabled.
Attackers with low-privilege SNMP creds can crash a device, while those with higher-privilege access can run arbitrary code as root – a straight shot to total box compromise.
“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” the company said. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
Cisco hasn’t named the culprits behind the exploitation or disclosed how widespread the attacks are, and it also failed to respond to The Register’s questions in time for publication.
There’s no clever workaround this time, and the only reliable mitigation is to patch. Cisco suggests admins can buy themselves a little time by restricting SNMP access to trusted management hosts, but that’s cold comfort if the attacker is already inside the fence.
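To see where that interim restriction is missing, the sketch below flags `snmp-server community` and `snmp-server group` lines in an IOS running-config that have no access list attached. It is an added example, not code from Cisco or the article; the sample config is constructed, and the script checks only that an ACL is referenced, not what the ACL permits.

```python
# Constructed IOS running-config excerpt (sample data, not from the article).
SAMPLE_CONFIG = """\
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
snmp-server community ExampleRO RO SNMP-MGMT
snmp-server community ExampleOpen RO
snmp-server community ExampleRW view MGMTVIEW RW
snmp-server community ExampleV6 RO ipv6 SNMP-MGMT6 SNMP-MGMT
snmp-server group OPS v3 priv access SNMP-MGMT
snmp-server group LEGACY v3 auth
"""

def parse_community(opts):
    """Return (is_rw, acl_names) from the options after the community string."""
    is_rw, acls, i = False, [], 0
    while i < len(opts):
        word = opts[i].lower()
        if word == "view":            # "view <name>" limits OIDs, not sources
            i += 2
        elif word == "ipv6":          # "ipv6 <named-acl>" filters IPv6 sources
            acls.extend(opts[i + 1:i + 2])
            i += 2
        elif word in ("ro", "rw"):
            is_rw = word == "rw"
            i += 1
        else:                         # bare token: IPv4 ACL number or name
            acls.append(opts[i])
            i += 1
    return is_rw, acls

def audit_snmp(config):
    """Return (line_no, kind, finding) for SNMP entries not tied to an ACL."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if t[:2] == ["snmp-server", "community"] and len(t) >= 3:
            is_rw, acls = parse_community(t[3:])
            if not acls:
                mode = "read-write" if is_rw else "read-only"
                findings.append((no, "community", f"{mode}, no ACL"))
        elif t[:2] == ["snmp-server", "group"] and len(t) >= 3:
            if "access" not in (w.lower() for w in t[3:]):
                findings.append((no, "group", "no access ACL"))
    return findings

if __name__ == "__main__":
    # Findings cite line numbers so community strings never reach the report.
    for no, kind, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {no}: snmp-server {kind}: {finding}")
```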
Alongside this fix, Cisco bundled updates for a cross-site scripting vulnerability and a denial-of-service flaw, though CVE-2025-20352 is the one that is raising the alarm bells.
Given Cisco’s track record of IOS zero-days being hammered in the wild, anyone leaving this one until the next maintenance window is taking a gamble they’ll probably lose. ®