Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center software that could allow unauthenticated attackers to remotely execute shell commands with elevated privileges.
The flaw, tracked as CVE-2025-20265, carries a maximum CVSS score of 10.0 and affects organizations using RADIUS authentication for their firewall management interfaces.
Critical Remote Code Execution Flaw Discovered
The vulnerability resides in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software, specifically affecting versions 7.0.7 and 7.7.0.
Security researchers identified that improper handling of user input during the authentication phase creates an opportunity for command injection attacks.
| Attribute | Details |
| CVE ID | CVE-2025-20265 |
| CVSS Score | 10.0 (Critical) |
| CWE | CWE-74 (Command Injection) |
Attackers can exploit this weakness by sending specially crafted credentials during the RADIUS authentication process, potentially gaining high-level system access without any prior authentication.
The vulnerability’s critical rating reflects its severe potential impact on affected organizations.
Successful exploitation could provide attackers with complete control over the firewall management system, potentially allowing them to modify security policies, access sensitive network configurations, or use the compromised system as a launching point for further network attacks.
Cisco has confirmed that only FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled are vulnerable to this attack.
The company explicitly stated that Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are not affected by this vulnerability. Currently, no workarounds exist to address this vulnerability directly.
However, Cisco recommends that organizations temporarily disable RADIUS authentication and switch to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO) until patches can be applied.
Cisco has released free software updates that completely address this vulnerability. Organizations using affected versions should prioritize updating their FMC software immediately, given the critical nature of this flaw and the absence of effective workarounds.
The company advises customers to consult the Cisco Software Checker tool to determine their specific exposure and identify the appropriate fixed software versions for their deployments.
Organizations should treat this vulnerability as a high-priority security incident requiring immediate attention and remediation efforts.
AWS Security Services: 10-Point Executive Checklist - Download for Free
Source link
