
Cisco Zero-Day Vulnerability - 20250925001

Overview

Cisco has released the September 2025 Semi-annual Cisco IOS and IOS XE security advisory, addressing nine high-severity and five medium-severity vulnerabilities in the IOS and IOS XE software. One of these is a high-severity zero-day vulnerability that allows a low-privileged, authenticated attacker to trigger denial-of-service conditions on unpatched devices. Cisco has advised that this vulnerability is under active exploitation.

What is vulnerable?

| Product(s) and Versions Affected | CVE | CVSS | Severity |
| --- | --- | --- | --- |
| Cisco IOS & Cisco IOS XE Software prior to 17.15.4a | CVE-2025-20352 | 7.7 | High |
| Meraki MS390 and Cisco Catalyst 9300 Series running Meraki CS 17 and earlier | CVE-2025-20352 | 7.7 | High |

What has been observed?

The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):