Cisco has disclosed a critical remote code execution vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to execute arbitrary commands with high privileges. Tracked as CVE-2025-20265 and carrying a CVSS score of 10.0, the flaw poses a severe risk to organizations running affected FMC versions with RADIUS authentication enabled.
According to Cisco, “A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.”
The issue stems from insufficient input validation during the authentication phase. An attacker could exploit it by submitting crafted input in the credentials entered at login, which the FMC then hands to the configured RADIUS server for processing. A successful exploit gives the attacker command execution on the device at a high privilege level.
Only specific releases, in a specific configuration, are impacted:
- Cisco Secure FMC Software versions 7.0.7 and 7.7.0
- Only when RADIUS authentication is enabled for the web-based management interface, SSH management, or both
Cisco confirmed that this vulnerability does not affect:
- Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
- Cisco Secure Firewall Threat Defense (FTD) Software
Cisco warns: “There are no workarounds that address this vulnerability.” Exploitation is only possible, however, when RADIUS authentication is enabled. To reduce risk until the fixed software is installed, Cisco recommends switching authentication to one of the following:
- Local user accounts
- External LDAP authentication
- SAML single sign-on (SSO)
Cisco has released software updates to fix the flaw. The Cisco Product Security Incident Response Team (PSIRT) states it is “not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.”