Cisco IOS - Geek Feed

Australia warns of BadCandy infections on unpatched Cisco devices

November 3, 2025November 3, 2025 geekfeed0Tagged Actively Exploited, BadCandy, cisco, Cisco IOS, vulnerability, Web Shell

The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. The vulnerability exploited in these attacks is CVE-2023-20198, a max-severity flaw that allows remote unauthenticated threat actors to create a local admin user via the web user interface and take over […]

2 mins read

Cisco warns of IOS zero-day vulnerability exploited in attacks

September 28, 2025September 28, 2025 geekfeed0Tagged Actively Exploited, cisco, Cisco IOS, Code Execution, CVE-2025-20149, CVE-2025-20240, CVE-2025-20352, Denial of Service, DoS, Remote Code Execution, Zero-Day

Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. Tracked as CVE-2025-20352, the flaw is due to a stack-based buffer overflow weakness found in the Simple Network Management Protocol (SNMP) subsystem of vulnerable IOS and IOS XE software, impacting […]

2 mins read

Exploit details for max severity Cisco IOS XE flaw now public

June 2, 2025June 2, 2025 geekfeed0Tagged cisco, Cisco IOS, CVE-2025-20188, exploit, File Upload, rce, RCE exploit script, Remote Code Execution, vulnerability

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or […]

2 mins read