Cisco has patched a critical vulnerability in its Secure Firewall Management Center that could let hackers remotely execute commands with full privileges.
Quick Summary – TLDR:
- Cisco disclosed and patched a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Center (FMC).
- The flaw allows unauthenticated remote code execution if RADIUS authentication is enabled.
- It affects FMC Software versions 7.0.7 and 7.7.0 only, not ASA or FTD software.
- No exploitation has been reported in the wild, but organizations are urged to patch immediately.
What Happened?
Cisco has released patches for a critical remote code execution vulnerability in its Secure Firewall Management Center (FMC). Tracked as CVE-2025-20265 and rated the maximum CVSS score of 10.0, the flaw could allow unauthenticated attackers to gain full system control by exploiting RADIUS authentication.
Discovered during Cisco’s internal security testing, the issue puts firewall management systems at serious risk and has been classified as a command injection vulnerability.
Yet another max score vuln 🥹
— Marci Ujlaki (@UjlakiMarci) August 14, 2025
🟥 CVE-2025-20265, CVSS: 10.0 (#Critical, #Highest)
Cisco Secure Firewall Management Center (FMC) Software
A critical vulnerability in the RADIUS subsystem.
Unauthenticated remote attackers can inject arbitrary shell commands due to improper user… pic.twitter.com/iechEC3gL5
Vulnerability Details and Affected Versions
The bug resides in the RADIUS subsystem of Cisco Secure FMC Software. It specifically affects versions 7.0.7 and 7.7.0 that have RADIUS authentication enabled.
Cisco explained that the problem arises due to improper handling of user input during the authentication phase. Attackers could exploit the flaw by sending specially crafted credentials to the configured RADIUS server, which may result in execution of shell commands with high privilege levels.
This vulnerability is due to a lack of proper handling of user input during the authentication phase.
Cisco stated in its advisory.
Key details:
- CVE ID: CVE-2025-20265
- CVSS Score: 10.0 (Critical)
- CWE: CWE-74 (Command Injection)
- Affected: Cisco FMC Software versions 7.0.7 and 7.7.0
- Not Affected: Cisco ASA and FTD Software
No Workarounds but Patches Available
Cisco has confirmed that no workaround currently exists for this issue. However, mitigation is possible by switching from RADIUS authentication to alternatives such as:
- Local user authentication
- LDAP
- SAML single sign-on (SSO)
The company has released free software updates to fix the vulnerability and advises all affected customers to update their FMC installations immediately. They can also use the Cisco Software Checker Tool to identify impacted systems and required fixes.
Other Vulnerabilities Also Patched
Alongside CVE-2025-20265, Cisco also addressed:
- More than a dozen high-severity bugs in FMC, ASA, and FTD products
- Remote denial-of-service (DoS) vulnerabilities affecting both unauthenticated and authenticated attackers
- A high-severity issue that allows arbitrary HTML injection, SSRF attacks, and file read access on FMC
Cisco noted that there is no evidence of exploitation in the wild for any of the patched issues, but cautioned that similar recent vulnerabilities in its products, like Identity Services Engine (ISE), were exploited within weeks of disclosure.
SQ Magazine Takeaway
I’ll be honest. A CVSS 10.0 score is never something you ignore, especially when it involves unauthenticated remote code execution. This kind of flaw is exactly what attackers dream of. Even if there’s no current sign of exploitation, the fact that this bug could hand over full control of your firewall management system is a nightmare scenario for any IT team. If you’re running FMC with RADIUS enabled, stop reading and go patch. Seriously. This is the kind of hole that gets abused fast.
