Summary: Cisco has disclosed several high-severity vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of its IOS, IOS XE, and IOS XR software. Tracked as CVE-2025-20169, CVE-2025-20170, and CVE-2025-20171, these flaws could allow authenticated, remote attackers to trigger a Denial of Service (DoS) on affected devices. The vulnerabilities stem from improper error handling when parsing SNMP requests, allowing attackers to exploit the issue by submitting specially crafted requests to affected devices. A successful exploit could cause the targeted device to unexpectedly reload, leading to a DoS condition.
Security Officer Comments: The flaws were uncovered and reported to Cisco by security researcher "leg00m," in collaboration with the Trend Micro Zero Day Initiative. SNMP versions v1, v2c, and v3 are vulnerable to CVE-2025-20169, CVE-2025-20170, and CVE-2025-20171. To exploit these flaws successfully, attackers would need a valid read-write or read-only community string for systems running SNMP v2c or earlier, and valid user credentials for systems running SNMP v3. As of writing, Cisco does not have any evidence to conclude that these vulnerabilities are actively being exploited in attacks in the wild.
Suggested Corrections: Cisco plans to release software updates to address these vulnerabilities, but no immediate workarounds are available. However, administrators can mitigate the risk by disabling the vulnerable object identifiers (OIDs) on affected devices. Cisco notes that not all software will support every listed OID, and if an OID is not applicable, the device is not vulnerable to that specific issue. Furthermore, excluding OIDs may impact SNMP management functions, such as discovery and hardware inventory. Cisco also recommends restricting SNMP access only from trusted network devices as a best practice. For further configuration options, administrators can refer to the "Secure Your Simple Network Management Protocol" guide below:
https://www.cisco.com/c/en/us/suppo...370-snmpsecurity-20370.html#toc-hId-908187620

Link(s): https://sec.cloudapps.cisco.com/sec...coSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW
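
To check whether the two mitigations above (excluding OIDs through an SNMP view, and restricting SNMP to trusted sources) are actually applied, the following added example, which is not from Cisco's advisory or the original page, audits a saved running-config. It assumes IOS/IOS XE-style `snmp-server` syntax; the community strings, view names, ACL number and OID placeholder in the sample are constructed, and the real OIDs must be taken from the advisory.

```python
# Constructed sample running-config; community strings, view names, the ACL
# number and the OID placeholder are made up for illustration.
SAMPLE_CONFIG = """\
snmp-server view NO_BAD_SNMP iso included
snmp-server view NO_BAD_SNMP <OID-FROM-ADVISORY> excluded
snmp-server view EVERYTHING iso included
snmp-server community monitor-ro view NO_BAD_SNMP RO 10
snmp-server community legacy-ro RO
snmp-server community netops-rw view EVERYTHING RW 10
snmp-server group OPS v3 priv read NO_BAD_SNMP access 10
snmp-server group OLD v3 auth
"""


def audit_snmp(config):
    """Return {line_number: [issues]} for SNMP community/group lines.

    Keyed by line number so community strings never end up in the report.
    """
    lines = [ln.split() for ln in config.splitlines()]
    # Views that exclude at least one OID subtree.
    excluding = {t[2] for t in lines
                 if len(t) >= 5 and t[:2] == ["snmp-server", "view"]
                 and t[4].lower() == "excluded"}
    findings = {}
    for lineno, tok in enumerate(lines, start=1):
        if len(tok) < 3 or tok[0] != "snmp-server" or tok[1] not in ("community", "group"):
            continue
        rest, view = tok[3:], None
        if tok[1] == "community":
            if len(rest) >= 2 and rest[0].lower() == "view":
                view, rest = rest[1], rest[2:]
            if rest and rest[0].lower() in ("ro", "rw"):
                rest = rest[1:]
            has_acl = bool(rest)  # whatever remains is the ACL reference
        else:  # SNMPv3 group: view follows "read", ACL follows "access"
            lower = [t.lower() for t in rest]
            if "read" in lower and lower.index("read") + 1 < len(rest):
                view = rest[lower.index("read") + 1]
            has_acl = "access" in lower
        issues = []
        if view is None:
            issues.append("no view attached")
        elif view not in excluding:
            issues.append(f"view {view} excludes nothing")
        if not has_acl:
            issues.append("no ACL restricting source addresses")
        if issues:
            findings[lineno] = issues
    return findings
```

The check confirms only that a view with at least one excluded subtree and an ACL are attached; whether the excluded subtrees match the OIDs in the advisory still has to be compared by hand.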