Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase, as a result of which an attacker could send specially crafted input when entering credentials that get authenticated at the configured RADIUS server.
“A successful exploit could allow the attacker to execute commands at a high privilege level,” the company said in a Thursday advisory. “For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.”
The shortcoming impacts Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company. Brandon Sakai of Cisco has been credited with discovering the issue during internal security testing.
Besides CVE-2025-20265, Cisco has also resolved a number of high-severity bugs –
- CVE-2025-20217 (CVSS score: 8.6) – Cisco Secure Firewall Threat Defense Software Snort 3 Denial-of-Service Vulnerability
- CVE-2025-20222 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial-of-Service Vulnerability
- CVE-2025-20224, CVE-2025-20225, CVE-2025-20239 (CVSS scores: 8.6) – Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial-of-Service Vulnerabilities
- CVE-2025-20133, CVE-2025-20243 (CVSS scores: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial-of-Service Vulnerabilities
- CVE-2025-20134 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial-of-Service Vulnerability
- CVE-2025-20136 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial-of-Service Vulnerability
- CVE-2025-20263 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial-of-Service Vulnerability
- CVE-2025-20148 (CVSS score: 8.5) – Cisco Secure Firewall Management Center Software HTML Injection Vulnerability
- CVE-2025-20251 (CVSS score: 8.5) – Cisco Secure Firewall Adaptive Security…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
