Cisco IOS/IOS XE SNMPv3 Unauthorized Polling Vulnerability
CVE-2025-20151 Published on May 7, 2025
Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration.
This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Software startup configuration. An attacker could exploit this vulnerability by polling an affected device from a source address that should have been denied. A successful exploit could allow the attacker to perform SNMP operations from a source that should be denied.
Note: The attacker has no control of the SNMPv3 configuration. To exploit this vulnerability, the attacker must have valid SNMPv3 user credentials.
For more information, see the section of this advisory.
Vulnerability Analysis
CVE-2025-20151 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
Products Associated with CVE-2025-20151
Want to know whenever a new CVE is published for Cisco Ios Xe Sd Wan? stack.watch will email you.
Affected Versions
Cisco IOS XE Catalyst SD-WAN:- Version 16.10.6 is affected.
- Version 16.12.3 is affected.
- Version 16.12.1 is affected.
- Version 16.12.1a is affected.
- Version 16.12.4a is affected.
- Version 16.12.2r is affected.
- Version 16.12.1c is affected.
- Version 16.10.4 is affected.
- Version 16.12.1b1 is affected.
- Version 16.10.5 is affected.
- Version 16.12.4 is affected.
- Version 16.10.3 is affected.
- Version 16.10.3a is affected.
- Version 16.12.1b is affected.
- Version 16.10.3b is affected.
- Version 16.12.1d is affected.
- Version 16.11.1s is affected.
- Version 16.9.1 is affected.
- Version 16.11.1a is affected.
- Version 16.11.1d is affected.
- Version 16.9.2 is affected.
- Version 16.10.1 is affected.
- Version 16.11.1f is affected.
- Version 16.9.4 is affected.
- Version 16.9.3 is affected.
- Version 16.10.2 is affected.
- Version 16.12.1e is affected.
- Version 16.11.1b is affected.
- Version 16.11.1 is affected.
- Version 16.12.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.