CVE-2025-20312 — Infinite Loop in Cisco IOS XE Software

CWE-835 — Infinite Loop4 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.1%

top 72.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software

Timeline

PublishedSep 24

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, re…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_ios_xe_software126 versions+125

🔴Vulnerability Details

CVEList

CVE-2025-20312: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to c↗2025-09-24

▶

GHSA

GHSA-6cwx-5rq4-6px8: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to c↗2025-09-24

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability↗2025-09-24

▶