Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated remote attackers to execute arbitrary shell commands on affected systems.
The vulnerability, tracked as CVE-2025-20265, received the maximum Common Vulnerability Scoring System (CVSS) score of 10.0, indicating its severe nature and potential for widespread exploitation.
Vulnerability Details and Attack Vector
The security flaw resides in the RADIUS subsystem implementation of Cisco Secure FMC Software, specifically affecting how the system handles user input during the authentication phase.
According to Cisco’s security advisory, published on August 14, 2025, the vulnerability stems from the improper handling of user credentials processed for RADIUS server authentication.
An attacker can exploit this vulnerability by sending specially crafted input when entering login credentials, allowing them to inject malicious shell commands that execute with high privilege levels on the target device.
The attack requires no prior authentication, making it particularly dangerous as it provides a direct pathway for remote system compromise.
The vulnerability is catalogued under Cisco Bug ID CSCwo91250 and falls under the Common Weakness Enumeration (CWE-74) category, which relates to improper neutralization of special elements in output used by a downstream component.
Affected Systems and Prerequisites
The vulnerability specifically impacts Cisco Secure FMC Software versions 7.0.7 and 7.7.0, but only when RADIUS authentication is enabled for either the web-based management interface, SSH management, or both.
Systems not configured with RADIUS authentication remain unaffected by this security issue.
Importantly, Cisco confirmed that other firewall products, including Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, are not vulnerable to this particular flaw.
Mitigation and Solutions
Cisco has released software updates that completely address the vulnerability, with no workarounds available for affected systems.
However, organizations can mitigate the risk by temporarily disabling RADIUS authentication and switching to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).
The security advisory emphasizes that customers should evaluate the applicability and effectiveness of any mitigation strategies within their specific network environments, as changes to authentication methods may impact functionality or performance.
Industry Impact and Recommendations
This disclosure is part of Cisco’s August 2025 Semiannual Security Advisory Bundled Publication for Secure Firewall products, highlighting the company’s ongoing commitment to proactive vulnerability disclosure and remediation.
Organizations using affected Cisco FMC systems should immediately assess their configurations and apply available security updates.
Those with RADIUS authentication enabled should prioritize patching efforts given the critical nature of this vulnerability and the potential for remote code execution without authentication requirements.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
.webp?resize=1600,900&ssl=1&description=The vulnerability, tracked as CVE-2025-20265, received the maximum Common Vulnerability Scoring System (CVSS) score of 10.0){kind=link}