Ssh-2.0-cisco-1.25 Vulnerability |verified| Jun 2026

: The device is utilizing version 1.25 of Cisco’s internal code package for handling secure shell connections.

This article will dissect exactly what SSH-2.0-Cisco-1.25 means, explore the real vulnerabilities tied to this SSH implementation, distinguish between myth and fact, and provide a definitive guide to remediation.

I can provide the exact configuration scripts or upgrade paths for your environment.

: Multiple product lines, including those running specific versions of IOS XE and other platforms that integrate the affected Erlang/OTP SSH server components. Würth Phoenix Additional Associated Risks Devices reporting Cisco-1.25 ssh-2.0-cisco-1.25 vulnerability

The string is a version identifier frequently returned by the Secure Shell (SSH) server on Cisco IOS and IOS XE devices during a protocol handshake. While this specific string describes the Cisco implementation of the SSH-2.0 protocol rather than a single vulnerability, devices reporting this version have recently been linked to a maximum-severity flaw (CVSS 10.0) in the underlying Erlang/OTP SSH server implementation. The Critical Erlang/OTP SSH Vulnerability

The Cisco-1.25 engine variant often relies on legacy default cryptographic configurations. It defaults to vulnerable Cipher Block Chaining (CBC) modes or older algorithms like Triple DES (3DES) and Blowfish. These algorithms are highly susceptible to modern traffic decryption techniques, sniffing, and Man-in-the-Middle (MitM) injection attacks.

: Terrapin targets the handshake phase of the SSH protocol. It manipulates sequence numbers during the extension negotiation phase. : The device is utilizing version 1

A prominent and severe threat tied directly to certain Cisco products running SSH environments is .

show ip ssh

: The internal Cisco software version handling the SSH process. : Multiple product lines, including those running specific

Disclosing this banner is a poor security practice. It gives an attacker a complete "cheat sheet." It eliminates the need for them to probe or guess, instantly revealing the technology stack and signaling that the device likely has not been updated or hardened recently.

The string breaks down into distinct components. The "SSH-2.0" prefix indicates that the server supports version 2.0 of the SSH protocol. The "Cisco" label identifies the vendor's proprietary implementation. The "1.25" suffix represents the internal version number of Cisco's SSH server code, not the version of the IOS operating system itself. This server version was particularly prevalent on devices running older software trains, where SSH functionality was often treated as a separate software component rather than a deeply integrated feature.

This signature breaks down into three key functional components:

The most critical step is to keep your Cisco software up to date.

The format of an SSH protocol banner is strictly defined by Internet Engineering Task Force (IETF) standards to ensure interoperability during the initial connection handshake.