Cisco has disclosed a critical vulnerability in its Secure Firewall Management Center (FMC) Software.
The remote code execution (RCE) flaw, tracked as CVE-2025-20265, carries the maximum CVSS severity score of 10.0, and customers are strongly encouraged to apply the software updates promptly to reduce the risk of exploitation.
The flaw resides in the RADIUS subsystem of Cisco’s FMC software. A remote attacker without authorization could exploit it to execute arbitrary shell commands on the device.
RADIUS, a protocol that centralizes authentication and accounting for network access servers, is used by Cisco devices to control network access: it verifies user credentials and accounts for resource usage.
“This vulnerability arises from inadequate handling of user input during the authentication phase. An assailant could exploit this weakness by submitting specially crafted input while entering credentials for authentication at the configured RADIUS server. A successful exploitation could enable the attacker to execute commands with elevated privileges,” the tech conglomerate advised in an announcement issued on August 14.
This critical bug impacts Cisco Secure FMC Software versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled.
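The bug class the advisory describes (authentication input that reaches a shell) shown as an added, constructed Python illustration; this is not Cisco's code, and the client path, the allow-list policy and the helper names are assumptions for the example.

```python
import re
import shlex

# Constructed illustration, not Cisco's code: a hypothetical helper that hands the
# name a user types at login to a local RADIUS client binary. The path below is a
# placeholder and the validation policy is an assumption for this example.
RADIUS_CLIENT = "/usr/bin/radtest"  # placeholder, not taken from the advisory

# Allow-list for the RADIUS User-Name value under this example's policy.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def build_auth_command_unsafe(username: str, server: str) -> str:
    """Vulnerable pattern: the user-supplied name is interpolated into one
    command line intended for a shell. Nothing stops shell punctuation in the
    name from changing which commands the shell ends up running."""
    return f"{RADIUS_CLIENT} {username} {server}"


def shell_tokens(command_line: str) -> list:
    """Tokenize the way a POSIX shell would (';', '|', '&', '(', ')' become
    their own tokens) so a reviewer can see where one intended argument turns
    into several shell words."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # split only on whitespace and punctuation
    return list(lexer)


def build_auth_command_safe(username: str, server: str) -> list:
    """Hardened pattern: reject anything outside the allow-list and return an
    argv list for subprocess.run(..., shell=False), so the name is always a
    single argument regardless of what it contains."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allow-list")
    return [RADIUS_CLIENT, username, server]


def username_is_single_argument(username: str) -> bool:
    """True when the name passes the allow-list and survives shell
    tokenization as exactly one word, i.e. it cannot split or chain commands."""
    if USERNAME_RE.fullmatch(username) is None:
        return False
    return shell_tokens(username) == [username]
```

The hardened path never builds a shell command line at all; validation is defence in depth on top of passing an argv list.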
Strategies for Remediating the Firewall Management Vulnerability
This advisory is part of a bundled publication of 21 Cisco Security Advisories covering 29 vulnerabilities across Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software.
Cisco is releasing free software updates that fix the flaw in Secure FMC. Customers with service contracts that entitle them to regular updates should obtain the patches through their usual update channels.
There are no workarounds that directly address the vulnerability. However, because exploitation is only possible when RADIUS authentication is configured, Cisco notes that customers can reduce exposure by switching to an alternative authentication method, such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).
This latest advisory from Cisco comes amid a growing number of reported exploitations of the company’s products in 2025.
In July, the US Cybersecurity and Infrastructure Security Agency (CISA) included two critical vulnerabilities associated with Cisco Identity Services Engine (ISE) Software in its Known Exploited Vulnerabilities (KEV) catalog.
Earlier in March, the agency mandated that federal government entities address CVE-2023-20118—a command injection vulnerability identified in the web-based management interface of several Cisco Small Business RV Series routers.
Cisco also disclosed in February that a Chinese state-sponsored group, known as Salt Typhoon, had infiltrated US telecom providers via Cisco devices, utilizing a custom-crafted tool dubbed JumbledPath.
Source link: Infosecurity-magazine.com.