Ssh-2.0-cisco-1.25 Vulnerability May 2026

The string SSH-2.0-Cisco-1.25 SSH server banner typically seen when connecting to Cisco IOS or IOS-XE devices. This banner itself is a version string, not a specific vulnerability, but its presence indicates the device is running a version of the Cisco SSH implementation that may be susceptible to several known protocol-level and implementation-specific vulnerabilities. Devolutions Forum Key Vulnerabilities Associated with Cisco SSH

Vulnerability Details

Check Cisco’s advisory for your exact hardware and feature set. ssh-2.0-cisco-1.25 vulnerability

Many Cisco devices running the 1.25 stack are vulnerable to the Terrapin attack, a prefix truncation weakness.

2. Device Replacement In many cases, devices running cisco-1.25 have reached "End of Life" (EOL) and "End of Support" (EOS). This means Cisco no longer releases patches for them. If the hardware cannot support modern IOS versions, the device must be replaced. The string SSH-2

Security scanners (like Nessus or Qualys) often flag this banner because it reveals the device's operating system and version, which can help an attacker identify known vulnerabilities. Below is a breakdown of what this banner means and the actual vulnerabilities often associated with it. What is SSH-2.0-Cisco-1.25?

Would you like me to help you instead:

Why that banner matters