Cisco released an advisory describing a high-severity vulnerability (CVE-2025-20160) in its IOS and IOS XE platforms. The flaw stems from improper validation of the TACACS+ shared secret configuration.
When TACACS+ is enabled but no secret is set, remote attackers or machine-in-the-middle adversaries can intercept or manipulate authentication messages.
Successful exploitation grants unauthorized access to confidential information or full control of the device.
https://gbhackers.com/cisco-ios-xe-vulnerability-2/