The banner is just a text string. It can be faked (via banner editing) or obfuscated. However, in most enterprise environments, seeing ssh-2.0-cisco-1.25 reliably indicates a Cisco device running a firmware release from roughly the mid-2000s to early 2010s.
Flaws found in modern IOS and IOS XE distributions allow unauthorized users to repeatedly knock critical network infrastructure offline.
After upgrade, verify the new banner (which should be something like SSH-2.0-Cisco-2.0 or SSH-2.0-Cisco-1.99 ).
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. ssh-2.0-cisco-1.25 vulnerability
SSH-2.0-Cisco-1.25 is not a CVE by itself — it’s a identifying a Cisco IOS or IOS-XE device running an SSH server version derived from old/embedded code. It’s often flagged in scans because:
: A Man-in-the-Middle (MitM) attacker can downgrade the connection's security by deleting specific protocol messages during the handshake without the client or server noticing. Cisco Bug ID : CSCwi61646 . 2. Unauthenticated Remote Code Execution (CVE-2025-32433)
What specific and current IOS version are you running? Is this device directly exposed to the public internet? The banner is just a text string
Scanning tools like Shodan and Censys have identified over globally of the "SSH-2.0-Cisco-1.25" banner. This broad exposure makes these devices prime targets for automated exploit scripts. Remediation and Best Practices
Many legacy Cisco systems displaying the 1.25 string rely on older, default SSH negotiation ciphers. This makes them primary targets for the widespread .
The string SSH-2.0-Cisco-1.25 is parsed into two distinct parts: Flaws found in modern IOS and IOS XE
This timeline helps visualize the long lifespan of the issues associated with this banner.
A: No. Modern Cisco platforms run a completely different SSH stack (often based on OpenSSH) and report different version strings (e.g., SSH-2.0-Cisco-2.0 or SSH-2.0-OpenSSH_8.2 ).
Older Cisco SSH implementations, including those that may return the 1.25 identifier, have been subject to other notable security advisories: What is Cisco-1.25 in ssh logging.