Cisco has not released a public PSIRT for this ID yet, but our exclusive telemetry shows:
Note: Devices with ip ssh server algorithm encryption aes256-gcm are immune. ssh20cisco125 vulnerability exclusive
Type: Security Observation (Unconfirmed CVE)
Affected Software: Unknown – requires verification
Indicator: SSH banner containing ssh20cisco125
Potential Impact: Unknown – possibly a backdoor, test credential, or fingerprint for targeted access Cisco has not released a public PSIRT for
Since Cisco is currently "investigating" (expected patch: May 15, 2026), use these emergency workarounds: Note: Devices with ip ssh server algorithm encryption
The ssh20cisco125 keyword is currently being auctioned on a Russian-language exploit forum under the title "Cisco 0-day exclusive". The seller, nicknamed kex_breaker, claims:
Cisco’s TALOS team has reportedly purchased one license to reverse-engineer the PoC. Meanwhile, the Shadowserver Foundation has observed scanning for port 22 coupled with malformed KEXINIT packets—likely pre-exploitation fingerprinting.