Threat intel · 2 MIN READ · BEN NAHORNEY AND MATT JASTRAM · OCT 15, 2025 · TAGS: vulnerability prioritization
TL;DR
- This month we’re covering a recent vulnerability in Cisco IOS.
- Microsoft released 175 new CVEs this month.
- Read on to see the vulnerabilities that we think are most deserving of your attention.
Halloween may be considered the spookiest day in October, but for some, this month’s Patch Tuesday is a close second. This month’s release includes a hefty 175 new CVEs, eight of which are marked as critical. And most frightening of all? There are six zero-day vulnerabilities in the lot!
Patch Tuesday: October 14, 2025
A batch of 175 vulnerabilities is a lot to field in one month. But not to fear, here are the three we think are most deserving of being driven from your environment first:
- Windows Agere Modem Driver Elevation of Privilege Vulnerability (CVE-2025-24990): An attacker who successfully exploits this vulnerability could gain administrator privileges on the impacted system. This vulnerability is actively being exploited in the wild and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog today. To remediate this vulnerability, Microsoft decided to completely remove the driver from the Windows operating system in this month’s cumulative update.
- Windows Remote Access Connection Manager Elevation of Privilege Vulnerability (CVE-2025-59230): This is an improper access control vulnerability in the Windows Remote Access Connection Manager that can be exploited to gain SYSTEM privileges. This vulnerability has also been exploited in the wild, leading CISA to add it to the KEV catalog. There are 39 different applications impacted, which is a considerable range of Microsoft products.
- Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287): This is a remote code execution vulnerability in the Windows Server Update Service (WSUS). A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, giving them control of the target system. This critical vulnerability has a CVSS score of 9.8. The vulnerability impacts 13 Windows versions, reaching all the way back to the Windows Server 2012 edition.
Exploit Tales: Cisco IOS
This month we’re taking a look at CVE-2025-20352, a stack-based buffer overflow vulnerability in Cisco IOS and IOS EX’s Simple Network Management Protocol (SNMP) subsystem. This high-severity zero-day vulnerability continues to be exploited in the wild.
Carrying out the attack requires threat actors to obtain valid credentials. Once authenticated, there are two different attack paths available depending on the level of privileges obtained.
If the attacker acquires low privileges on an unpatched, targeted system, they can trigger a denial-of-service (DoS) attack. This could lead to operational network downtime, disrupting business operations.
If the attacker achieves high privileges they can execute arbitrary code as a root user, gaining full system control. This could also allow an attacker to intercept traffic, modify configurations, run arbitrary code, or use the device as a pivot point to further an attack.
Cisco has confirmed exploitation after discovering instances of local administrator credentials that had been compromised. The company strongly urges customers to upgrade to a patched software release. If patching is not immediately feasible, they recommend restricting SNMP access to trusted users and monitor for suspicious activity.
This isn’t the only Cisco IOS vulnerability that is known to be targeted by bad actors. Alongside CVE-2025-20352, there are 45 IOS vulnerabilities in CISA’s KEV catalog and 81 total Cisco-related CVEs.
Cisco is a huge target for attackers, given their large share of the enterprise networking market. Their devices’ placement on an organization’s network edge also makes them a prime target for bad actors to try to gain a foothold. As a result, we recommend patching high-severity vulnerabilities in Cisco devices as soon possible in order to protect your environment.
That’s all we have for this month’s Patch Tuesday blog. If you have questions about the vulnerabilities discussed here, drop us a line.
