Operation Zero Disco Exploits Cisco SNMP Flaw CVE-2025-20352 to Deploy Linux Rootkits on Legacy Systems

Trend Micro researchers have uncovered a sophisticated cyber campaign named "Operation Zero Disco," which exploits the CVE-2025-20352 vulnerability in Cisco's SNMP implementation. This flaw allows threat actors to deploy Linux rootkits on outdated systems running Cisco IOS and IOS XE. Successful exploitation grants attackers root-level access, enabling the installation of malicious software that can remain undetected on compromised systems. The campaign specifically targets older Cisco devices that may not have received recent security updates, highlighting the risks associated with legacy systems in enterprise networks. Technically, SNMP vulnerabilities are particularly concerning due to the protocol's widespread use in network management. Exploitation of such vulnerabilities can provide attackers with extensive control over network devices, facilitating lateral movement and data exfiltration. The use of rootkits in this campaign indicates a high level of sophistication, as rootkits are designed to evade detection and maintain persistent access. The impact of this vulnerability on the cybersecurity landscape is significant. Organizations that fail to update their network devices are at heightened risk of compromise. This incident underscores the critical importance of regular patch management and the need to prioritize updates for network infrastructure, which is often overlooked in favor of endpoint security. For cybersecurity professionals, the key takeaway is the necessity of comprehensive asset management and patching strategies. Organizations should immediately inventory their Cisco devices, identify those running outdated versions of IOS or IOS XE, and apply the necessary patches or mitigations. Additionally, network segmentation and continuous monitoring for unusual SNMP activity can help detect and prevent exploitation attempts. In conclusion, Operation Zero Disco serves as a stark reminder of the dangers posed by unpatched vulnerabilities in network devices. Cybersecurity teams must remain vigilant and proactive in their defense strategies to mitigate such threats effectively.