The vulnerability, and the updates that address it, concern the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software, the company said in a Wednesday security advisory.
“This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software,” the security advisory said. “A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.”
Cisco assigned this vulnerability a Common Vulnerability Scoring System (CVSS) score of 7.7 on a 10-point scale, which falls in the “high” band (7.0 to 8.9), the second-highest of the four CVSS severity ratings below “critical.”
The company said in the security advisory that its software updates fix the vulnerability and that a mitigation is available, but that there are no workarounds. In Cisco’s advisory terminology a mitigation reduces exposure without eliminating the flaw, so upgrading to a fixed release remains the remedy.
“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” the security advisory said. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
Ars Technica reported Thursday (Sept. 25) that as many as 2 million Cisco devices are susceptible to this vulnerability and that the affected operating system powers a wide variety of the company’s networking devices.
The PYMNTS Intelligence report “Cybersecurity Risks Cause Middle-Market CFOs to Cancel Innovation Plans” found that 42% of middle-market firms report significant cybersecurity risks.
Among middle-market firms in high uncertainty environments — those facing high uncertainty due to fluctuating demand, supply chain disruptions or macroeconomic volatility — that share rises to 88%, according to the report.
The Wall Street Journal reported in May 2024 that 90% of companies said their cybersecurity risks had increased over the previous year. The WSJ learned this by surveying about 300 compliance professionals in the United States, including about 100 who worked in financial services.