Up to 2 million Cisco devices are susceptible to attacks from hackers that can remotely crash, implant malware, execute commands, and potentially extract data on vulnerable systems.
Cisco has said the vulnerability, tracked as CVE-2025-20352, was present in all supported
versions of Cisco IOS and Cisco IOS XE, the operating system that powers a
wide variety of the company’s networking devices.
In a significant update on a previous malicious
campaign exposed last year, Cisco has said the same threat actor has exploited new
vulnerabilities in Cisco Adaptive Security Appliance (ASA) 5500-X Series devices to implant malware, execute
commands, and potentially extract vital data from compromised devices.
In a statement published
last week, Cisco said; “The Cisco Product Security Incident Response Team (PSIRT) became aware of
successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised.
Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
image: shuterstock/JHVEPhoto