Cisco Patches Critical RCE Flaw in Secure Firewall Management Center: What You Need to Know

TL;DR

Cisco has patched a critical Remote Code Execution (RCE) vulnerability (CVE-2025-20265) in its Secure Firewall Management Center (FMC) Software, which could allow unauthenticated attackers to execute arbitrary code on vulnerable systems. The flaw, with a CVSS score of 10.0, affects systems using RADIUS authentication. While no attacks have been reported in the wild, Cisco advises immediate action to mitigate risks.

---

Cisco Patches Critical Remote Code Execution Flaw in Secure Firewall Management Center

Overview of the Vulnerability

Cisco has released urgent security updates to address a maximum-severity vulnerability, tracked as CVE-2025-20265, in its Secure Firewall Management Center (FMC) Software. This vulnerability carries a CVSS score of 10.0, the highest possible severity rating, indicating its potential for severe exploitation.

The flaw resides in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software. If exploited, it could allow an unauthenticated, remote attacker to inject and execute arbitrary shell commands on affected systems with high-level privileges.

---

Root Cause and Exploitation

The vulnerability stems from improper handling of user input during the authentication phase. Attackers can exploit this flaw by sending crafted credentials to the configured RADIUS server. According to Cisco’s advisory:

“A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase.” ¹

---

Affected Systems and Versions

The vulnerability impacts the following versions of Cisco Secure FMC Software:

• 7.0.7
• 7.7.0

Important Note:

• Systems with RADIUS authentication enabled are vulnerable.
• ASA and FTD software are not affected by this flaw.

---

Mitigation and Workarounds

Cisco has confirmed that no workaround exists for this vulnerability. However, the flaw is only exploitable if RADIUS authentication is enabled. Organizations can mitigate the risk by:

• Disabling RADIUS authentication and switching to alternative authentication methods such as:
  • Local authentication
  • LDAP
  • SAML SSO

Before making changes, organizations should assess the impact of switching authentication methods on their specific environment.

---

Discovery and Current Status

The vulnerability was discovered by Brandon Sakai of Cisco during internal security testing. As of now, the Cisco Product Security Incident Response Team (PSIRT) has not observed any attacks exploiting this vulnerability in the wild.

---

Why This Matters

This vulnerability poses a significant risk to organizations relying on Cisco Secure Firewall Management Center for network security. Given its maximum severity rating, immediate action is recommended to prevent potential exploitation. Unpatched systems could be compromised, leading to unauthorized access, data breaches, or further network infiltration.

---

Conclusion

Cisco’s prompt response in patching CVE-2025-20265 underscores the critical nature of this vulnerability. Organizations using Cisco Secure FMC Software should prioritize applying the security updates or switching authentication methods to mitigate risks. Staying vigilant and proactive in addressing such vulnerabilities is essential to maintaining robust cybersecurity defenses.

---

Additional Resources

For further details, refer to:

• Cisco Security Advisory: CVE-2025-20265
• Security Affairs: Cisco Fixed Maximum-Severity Security Flaw

---

References

1. Cisco PSIRT (2025). “Cisco Security Advisory: Cisco Secure Firewall Management Center RADIUS Remote Code Execution Vulnerability”. Cisco. Retrieved 2025-08-15. ↩︎