Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Commands


Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to execute arbitrary shell commands with high-level privileges remotely.

The vulnerability, tracked as CVE-2025-20265 and assigned the maximum CVSS score of 10.0, represents one of the most severe security flaws discovered in enterprise firewall infrastructure this year.

The security vulnerability resides in the RADIUS subsystem implementation of Cisco’s Secure FMC Software, specifically affecting the authentication phase where user input is improperly handled.


Attackers can exploit this vulnerability by sending specially crafted credentials during the RADIUS authentication process, allowing them to inject malicious shell commands that are subsequently executed by the target device.

What makes this vulnerability particularly dangerous is that it requires no authentication and can be exploited remotely over the network.

The vulnerability stems from insufficient input validation during the credential verification process, creating an opportunity for command injection attacks when the system processes authentication requests sent to the configured RADIUS server.
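
The bug class described above, shown as an added example that is not Cisco's code or part of the original article: a credential pasted into a shell command line, next to a hardened version that validates it and passes it as a single argument. The helper command, the username allowlist and the sample input are assumptions constructed for illustration.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for an external authentication helper: it only echoes the
# username it was handed (hypothetical; not part of any Cisco product).
HELPER = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Assumed allowlist policy for login names. The first character must be
# alphanumeric so the value can never be read as a command-line option.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]{0,63}")


def check_unsafe(username):
    """Vulnerable pattern: the credential is pasted into a shell command line."""
    cmd = " ".join(shlex.quote(p) for p in HELPER) + " " + username
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def check_argv_only(username):
    """No shell involved: metacharacters reach the helper as literal data."""
    out = subprocess.run(HELPER + [username], capture_output=True, text=True)
    return out.stdout.splitlines()


def check_safe(username):
    """Hardened pattern: validate against the allowlist, then avoid the shell."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    return check_argv_only(username)


if __name__ == "__main__":
    crafted = "alice; echo INJECTED"   # constructed sample input
    print(check_unsafe(crafted))       # the shell runs a second command
    print(check_argv_only(crafted))    # one literal argument, nothing extra runs
    try:
        check_safe(crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist and the argument-vector call are independent layers: either one alone stops the second command from running in this sketch, and using both keeps a later refactor from silently reintroducing the shell path.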

Affected Systems and Mitigations

The vulnerability specifically impacts Cisco Secure FMC Software releases 7.0.7 and 7.7.0, but only when RADIUS authentication is enabled for either the web-based management interface, SSH management, or both. Organizations not using RADIUS authentication are not vulnerable to this particular attack vector.

| Product | Affected Versions | Prerequisites | Status |
|---|---|---|---|
| Cisco Secure Firewall Management Center (FMC) Software | 7.0.7 | RADIUS authentication enabled | Vulnerable |
| Cisco Secure Firewall Management Center (FMC) Software | 7.7.0 | RADIUS authentication enabled | Vulnerable |
| Cisco Secure Firewall ASA Software | All versions | N/A | Not Affected |
| Cisco Secure Firewall Threat Defense (FTD) Software | All versions | N/A | Not Affected |

Cisco has confirmed that other products in its security portfolio, including Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, are not affected by this vulnerability.

Unlike many security vulnerabilities that offer temporary mitigation strategies, Cisco has explicitly stated that no workarounds exist for this flaw.

However, organizations can reduce their exposure by switching to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).

This mitigation approach essentially requires organizations to disable RADIUS authentication entirely, which may impact operational workflows and require significant configuration changes.

Cisco has released free software updates that address the vulnerability and strongly recommends immediate patching for all affected systems.

The company’s Product Security Incident Response Team (PSIRT) has not reported any public exploitation attempts or malicious use of this vulnerability in the wild.

The vulnerability was discovered during internal security testing by Brandon Sakai of Cisco, highlighting the importance of proactive security assessments.

This discovery is part of Cisco’s August 2025 Semiannual Security Advisory Bundled Publication, which includes multiple security updates across the Secure Firewall product line.

Given the critical nature of this vulnerability and its potential for remote code execution without authentication, security experts recommend treating this as a priority-one patching scenario.

Organizations using Cisco Secure FMC with RADIUS authentication should immediately assess their exposure and plan for emergency maintenance windows to apply the available fixes.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.