SNMPv3 Vulnerability in Cisco IOS and IOS XE Software
CVE-2025-20151

4.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 7 May 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco IOS and IOS XE software allows an authenticated remote attacker to poll affected devices using the Simple Network Management Protocol Version 3 (SNMPv3), even when the configuration should restrict such access. The issue arises from how SNMPv3 configurations are stored in the software's startup configuration. An attacker who possesses valid SNMPv3 user credentials could exploit this flaw to perform unauthorized SNMP operations from a source address that should have been denied. The flaw poses significant risk where appropriate security measures are not fully implemented.

Affected Version(s)

Cisco IOS XE Catalyst SD-WAN 16.10.6

Cisco IOS XE Catalyst SD-WAN 16.12.3

Cisco IOS XE Catalyst SD-WAN 16.12.1

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
