Cisco's Secure Firewall Management Center found vulnerable, nurturing a critical Remote Code Execution (RCE) flaw with a CVSS score of 10
A new, high-severity vulnerability has been discovered in Cisco Secure Firewall Management Center (FMC) Software. The flaw, designated as CVE-2025-20265, is a maximum-severity (CVSS 10.0) unauthenticated remote code execution vulnerability affecting the RADIUS authentication subsystem in Cisco FMC.
What is CVE-2025-20265?
This vulnerability allows remote attackers to inject and execute arbitrary shell commands with elevated privileges on affected FMC devices without requiring valid credentials, if RADIUS authentication is enabled for web or SSH management interfaces.
Details and Root Cause
The vulnerability arises due to improper sanitization of user inputs in the RADIUS subsystem during authentication. This means an attacker can craft malicious credentials that include shell commands which the system executes. The flaw is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component).
Affected Products and Versions
The vulnerability affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled.
Impact
Successful exploitation grants full control over the affected FMC system, allowing attackers to execute arbitrary commands with root or equivalent privileges, modify firewall policies and security configurations, and pivot and launch attacks inside the protected network environment. This poses a critical risk in enterprise and government environments relying on Cisco FMC for firewall management.
Mitigation
Cisco has released patches to fix the flaw, and no workarounds exist other than applying these updates promptly. Cisco urges all affected customers to upgrade FMC to the patched versions immediately to prevent exploitation. Cisco also recommends using the Cisco Software Checker tool to identify exposure.
Additional Context
The vulnerability was discovered internally by Cisco’s security team during testing, and as of the latest updates, no active exploitation in the wild has been reported. However, due to its nature—remote, unauthenticated, and high-privilege command injection—there is significant concern it could be quickly weaponized by threat actors, including nation-state groups.
This new bug allows an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. It is crucial for affected customers to apply the patches promptly to mitigate the risk of potential exploitation.
[1] Cisco Advisory [2] CVE Details [3] NVD [4] TechTarget
- Given the discovery of CVE-2025-20265, a high-severity vulnerability affecting Cisco Secure FMC Software, it's essential to promptly apply the provided patches to secure network environments using this software.
- The vulnerability, classified as CWE-74, allows unauthenticated remote code execution on affected FMC devices, posing a critical risk in enterprise and government environments reliant on Cisco FMC for firewall management.
- This unauthenticated remote code execution vulnerability arises from improper sanitization of user inputs in the RADIUS subsystem during authentication, potentially enabling an attacker to execute arbitrary shell commands with elevated privileges.
- Mitigation strategies are limited for this vulnerability, with Cisco urging affected customers to promptly upgrade to the patched versions of FMC software to prevent potential exploitations.
- As part of a proactive cybersecurity strategy, it's recommended to leverage AI-driven threat intelligence solutions and cloud-based networking software to comply with industry best practices, monitor network activities, and securely manage enterprise technology assets.
%20flaw%20with%20a%20CVSS%20score%20of%2010){kind=link}