CVE-2025-20169

CVE-2025-20169 is a vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software that could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The issue stems from improper error handling when parsing SNMP requests, affecting SNMP versions 1, 2c, and 3. An attacker could exploit this by sending a crafted SNMP request to the device, potentially causing it to reload unexpectedly and disrupting network operations.

To exploit the vulnerability, an attacker requires some level of authentication depending on the SNMP version in use. For SNMP v1 or v2c, the attacker must know a valid read-only or read-write SNMP community string for the affected system. For SNMP v3, valid SNMP user credentials are necessary. A successful exploit results in the device reloading, leading to a DoS condition with no impact on confidentiality or integrity, as reflected in the CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) and associated CWE-805.

The Cisco Security Advisory provides detailed guidance on mitigation and affected versions; practitioners should consult https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW for patch information, workarounds, and verification steps.