
Overview

Cisco has issued a security advisory regarding a high-severity flaw within the Simple Network Management Protocol (SNMP) subsystem of its IOS and IOS XE operating systems, which underpin Cisco’s networking appliances.

  • CVE-2025-20352: Stack-based buffer overflow (CVSSv3 score: 7.7). A successful attack could enable a remote, authenticated adversary to run arbitrary code or trigger a denial-of-service condition. To achieve remote code execution, the attacker would need either the SNMPv1 or SNMPv2c read-only community string, or valid SNMPv3 credentials with administrative or privilege level 15 access on the target device.

This vulnerability is currently known to be under active exploitation.


Cisco has published a security advisory concerning two critical vulnerabilities and one of medium severity affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defence (FTD) Software, as well as certain configurations of Cisco IOS, IOS XE, and IOS XR operating systems. Cisco ASA and FTD function as security appliances offering firewall, intrusion prevention system (IPS), and virtual private network (VPN) capabilities.

  • CVE-2025-20333: Buffer copy without validating input size (CVSSv3 score: 9.9). Exploitation could enable a remote, authenticated attacker to execute arbitrary code on a vulnerable device.
  • CVE-2025-20362: Missing authorisation flaw (CVSSv3 score: 6.5). This could allow a remote, unauthenticated attacker to reach restricted URL endpoints that should not be accessible without proper authentication.
  • CVE-2025-20363: Heap-based buffer overflow (CVSSv3 score: 9.0). Exploitation may allow arbitrary code execution by an unauthenticated, remote attacker (in ASA and FTD Software) or by a low-privilege authenticated, remote attacker (in IOS, IOS XE, and IOS XR Software).

These vulnerabilities could be chained together, giving a remote, unauthenticated attacker complete control over an affected device.

The UK’s NCSC is calling on network defenders using affected products to urgently investigate this activity and has published new analysis of the malware components – dubbed RayInitiator and LINE VIPER – to assist with detection and mitigation.


Fortra has issued a security update to fix a critical flaw in the GoAnywhere Admin Console. GoAnywhere is an enterprise-grade managed file transfer (MFT) solution.

  • CVE-2025-10035: Deserialisation of untrusted data vulnerability (CVSSv3 score: 10.0)


Sudo has a critical vulnerability that is currently being actively exploited on Linux and Unix systems. Sudo is a core utility on Unix-like systems that allows authorised users to execute commands with elevated privileges.

  • CVE-2025-32463: Inclusion of functionality from untrusted control sphere vulnerability (CVSS pending). Exploitation allows a local attacker with limited sudo access to bypass normal permission checks and execute arbitrary commands as the root user, even if the commands are not listed in the system’s sudoers configuration.

The flaw exists in how sudo processes the -R (or --chroot) option, which is designed to run commands in an isolated chroot environment. Attackers can abuse this feature to gain full administrative control of affected systems, potentially leading to data theft, service disruptions, or the installation of additional malware.
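An added detection example, not from the original advisory or from the sudo project: it scans syslog-style sudo entries for invocations that used the -R/--chroot option, which most environments use rarely and which the flaw above abuses, so any hit is worth triage. The log lines are constructed, and the CHROOT= field name is assumed to match sudo's log format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in the style of sudo's syslog entries (not real captures).
SAMPLE_LOG = """\
Jun 30 12:01:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jun 30 12:02:10 host1 sudo:      bob : TTY=pts/1 ; CHROOT=/tmp/build ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/id
Jun 30 12:03:44 host1 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/sh
Jun 30 12:04:05 host1 sudo:      bob : TTY=pts/1 ; CHROOT=/tmp/build ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/make
Jun 30 12:05:00 host1 sshd[123]: Accepted publickey for bob from 10.0.0.5 port 5555
"""

# Syslog prefix up to "sudo:", then the invoking user, then " ; "-separated fields.
SUDO_LINE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+)\s+:\s+(?P<rest>.*)$")

def parse_sudo_line(line: str) -> Optional[Dict[str, str]]:
    """Return the sudo log fields as a dict, or None if the line is not a sudo entry."""
    m = SUDO_LINE.search(line)
    if not m:
        return None
    entry = {"user": m.group("user")}
    for field in m.group("rest").split(" ; "):
        key, sep, value = field.partition("=")
        if sep:
            entry[key.strip()] = value.strip()
        else:
            entry["message"] = field.strip()  # e.g. "command not allowed"
    return entry

def find_chroot_invocations(log_text: str) -> List[Dict[str, str]]:
    """Return sudo entries that carried the -R/--chroot option (CHROOT= field present)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_sudo_line(line)
        if entry and "CHROOT" in entry:
            hits.append(entry)
    return hits

def summarise(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count chroot invocations per invoking user, e.g. for an alerting threshold."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["user"]] = counts.get(h["user"], 0) + 1
    return counts

if __name__ == "__main__":
    for h in find_chroot_invocations(SAMPLE_LOG):
        print(f"{h['user']} ran {h['COMMAND']} as {h['USER']} with CHROOT={h['CHROOT']}")
```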

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Cisco IOS and IOS XE Software: Security Advisories

Cisco VPN devices: Cisco Security Centre; NCSC advisory

Fortra – GoAnywhere: Product Security Advisories

Sudo (Linux) – CISA Known Exploited Vulnerabilities; Sudo – Advisories

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
