Security News > 2023 > October > Cisco warns of new IOS XE zero-day actively exploited in attacks

Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers.
"Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface feature of Cisco IOS XE software when exposed to the internet or untrusted networks," the company revealed today.
Cisco identified related activity dating back to September 18 following further investigation into the attacks.
Last month, Cisco cautioned customers to patch another zero-day vulnerability in its IOS and IOS XE software targeted by attackers in the wild.
Cisco urges admins to fix IOS software zero-day exploited in attacks.
Cisco warns of VPN zero-day exploited by ransomware gangs.
News URL
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- iOS devices face twice the phishing attacks of Android (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)