CVE-2025-20170

CVE-2025-20170 is a vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software that stems from improper error handling during the parsing of SNMP requests. This flaw affects SNMP versions 1, 2c, and 3, enabling an authenticated, remote attacker to trigger a denial-of-service (DoS) condition by sending a crafted SNMP request to an affected device. Successful exploitation results in the device reloading unexpectedly. The vulnerability has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-805.

An attacker requires some level of authentication to exploit this vulnerability. For SNMP v2c or earlier versions, the attacker must possess a valid read-write or read-only SNMP community string for the target system. For SNMP v3, valid SNMP user credentials are necessary. Once authenticated, the attacker can send a specially crafted SNMP request over the network, causing the device to crash and reload, thereby disrupting network services and availability.

For mitigation details, including available patches and workarounds, refer to the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW, published on 2025-02-05.