Cisco Discloses Exploitation Of IOS Zero-Day Vulnerability

The high-severity flaw can be exploited to enable remote execution of code or denial of service, Cisco says.

Cisco reported Wednesday that a zero-day vulnerability impacting its IOS and IOS XE platforms has seen exploitation in cyberattacks.

The high-severity flaw can be exploited to enable remote execution of code or denial of service, according to Cisco.

IOS is a widely used Cisco networking software platform that has previously been targeted by threat actors, including during a wave of attacks in 2023 that compromised tens of thousands of devices.

In an advisory Wednesday, Cisco said that it has released software fixes to address the newly disclosed IOS vulnerability (which is tracked as CVE-2025-20352).

The tech giant said that an attacker who is authenticated and has “low” privileges could exploit the flaw to “cause a denial of service (DoS) condition on an affected device.”

An authenticated user with “high” privileges could also execute code as root user on an impacted IOS device by exploiting the vulnerability, Cisco said.

The scope of exploitation so far was not specified in the advisory, but Cisco said that its Product Security Incident Response Team (PSIRT) “became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised.”

“We strongly urge customers to upgrade to updated releases or - if an immediate upgrade is not feasible - implement the mitigation outlined in the advisory until an upgrade can be applied,” Cisco said in a statement provided to CRN.

The vulnerability has received a “high” severity rating of 7.7 out of 10.0.