Cisco has issued an urgent warning regarding a critical remote code execution (RCE) vulnerability in its Secure Firewall Management Center (FMC) software. The flaw, identified as CVE-2025-20265, carries a maximum CVSS score of 10.0, indicating a severe risk of exploitation. This vulnerability could allow unauthenticated attackers to inject arbitrary shell commands, potentially leading to high-privilege system compromise.

Critical Flaw Uncovered in Cisco Firewall Management

A critical vulnerability has been discovered in Cisco’s Secure Firewall Management Center (FMC) software, specifically within its RADIUS subsystem implementation. This flaw, designated CVE-2025-20265, has been assigned the highest possible CVSS score of 10.0, highlighting its extreme severity. The vulnerability arises from improper handling of user input during the authentication phase. Attackers can exploit this by sending specially crafted credentials to the configured RADIUS server, enabling them to inject and execute arbitrary shell commands with high privilege levels on the affected device.

Key Takeaways

• Critical Vulnerability: CVE-2025-20265 in Cisco Secure FMC Software allows unauthenticated remote code execution.

• Maximum Severity: The flaw has a CVSS score of 10.0, indicating a critical risk.

• Affected Versions: Cisco Secure FMC Software versions 7.0.7 and 7.7.0 are vulnerable if RADIUS authentication is enabled.

• Exploitation: Attackers can inject shell commands by sending crafted input during RADIUS authentication.

• Mitigation: Cisco recommends applying software updates or temporarily disabling RADIUS authentication in favor of alternatives like local accounts, LDAP, or SAML SSO.

Vulnerability Details and Impact

The vulnerability specifically affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0, but only when RADIUS authentication is enabled for the web-based management interface, SSH management, or both. Cisco has clarified that other products, such as Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, are not impacted by this particular flaw. A successful exploit could grant an attacker complete control over the firewall management system, allowing them to alter security policies, access sensitive network configurations, or use the compromised system as a pivot point for further network intrusions.

Addressing the Threat

Cisco has released software updates to address this critical vulnerability. There are no direct workarounds for the flaw itself. However, organizations can mitigate the risk by temporarily disabling RADIUS authentication and switching to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO). Cisco advises customers to assess the impact of such changes on their specific network environments. While the vulnerability has not been reported as being actively exploited in the wild, prompt patching is strongly recommended due to the critical nature of the flaw and the potential for widespread compromise.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Cisco Discloses Critical RCE Flaw in Firewall Management Software, Infosecurity Magazine.

• Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution, The Hacker News.

• Critical Cisco Secure Firewall Flaw Enables Remote Shell Command Injection, Cyber Press.

• Cisco Secure Firewall Vulnerability Lets Attackers Execute Remote Shell Commands, GBHackers News.

• Cisco fixed maximum-severity security flaw in Secure Firewall Management Center, Security Affairs.