As many as 2 million Cisco devices affected by actively exploited 0-day

A zero-day vulnerability affecting up to 2 million Cisco devices has been actively exploited, allowing attackers to remotely crash or execute code on vulnerable systems. The vulnerability, identified as CVE-2025-20352, exists in all supported versions of Cisco IOS and Cisco IOS XE, posing a risk to various networking devices. It can be leveraged by low-privileged users for denial-of-service attacks or by higher-privileged users to run code with root privileges. Cisco advises customers to upgrade to a patched software release to address this issue, which has a severity rating of 7.7 out of 10.