Cisco Issues Security Alert for Secure Firewall Management Center

Cisco has released a critical security advisory addressing a serious vulnerability in its Secure Firewall Management Center (FMC) Software. This vulnerability, tracked as CVE-2025-20265, could allow remote, unauthenticated code execution whenever FMC is configured to use RADIUS for administrator logins.

According to Cisco’s advisory, improper input validation lets an attacker inject shell commands into the RADIUS authentication process. If successful, the attacker gains high-privilege access to the underlying operating system, effectively taking over the manager that controls an organization’s firewalls. Affected systems are those running:

  • Secure FMC releases 7.0.7 and 7.7.0 only
  • RADIUS enabled for the web interface, SSH, or both

Other firewall products, such as Secure Firewall ASA and Secure Firewall Threat Defense (FTD), aren’t affected.

FMC systems using local, LDAP, or SAML authentication are also safe.

Cisco has shipped free software updates that fully remediate the issue; the company lists no workarounds. Administrators who cannot patch immediately are advised to move FMC off RADIUS to another authentication method until an upgrade is possible. Cisco also provides a Software Checker tool to determine exposure and the recommended upgrade path.
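To turn the advisory’s conditions into a repeatable triage step, the following is an added example, not Cisco’s Software Checker or any code from the advisory. It applies the stated criteria (only FMC 7.0.7 and 7.7.0; RADIUS enabled for the web interface and/or SSH; local, LDAP and SAML unaffected) to a small constructed inventory. The hostnames, the CSV layout and the version-string formats are assumptions for illustration.

```python
"""Exposure triage for CVE-2025-20265 (added example; not Cisco's tool).

Applies the advisory's conditions to a constructed inventory of FMC appliances:
only releases 7.0.7 and 7.7.0 are affected, and only when RADIUS is enabled
for the web interface or SSH. Everything else here is an assumption."""
import csv
import io
import re

AFFECTED_VERSIONS = {"7.0.7", "7.7.0"}      # releases named in the advisory

# Constructed sample inventory (hostnames and layout are assumptions):
# hostname, FMC version string, auth method for web UI, auth method for SSH.
SAMPLE_INVENTORY = """host,version,web_auth,ssh_auth
fmc-a.example.test,7.0.7,radius,local
fmc-b.example.test,7.7.0 (build 91),local,radius
fmc-c.example.test,7.4.2,radius,radius
fmc-d.example.test,7.7.0,saml,ldap
"""


def base_version(raw: str) -> str:
    """Reduce '7.7.0 (build 91)' or '7.0.7-12' to the dotted release '7.7.0'.

    Build suffixes are stripped so an appended build number does not cause an
    affected release to be missed."""
    m = re.match(r"\s*(\d+\.\d+\.\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return m.group(1)


def assess(version: str, web_auth: str, ssh_auth: str) -> dict:
    """Return the exposure verdict and the advisory-aligned action for one host."""
    release = base_version(version)
    radius_on = [surface for surface, method in (("web", web_auth), ("ssh", ssh_auth))
                 if method.strip().lower() == "radius"]
    exposed = release in AFFECTED_VERSIONS and bool(radius_on)
    if exposed:
        action = ("upgrade to a fixed release; until then disable RADIUS on "
                  + ", ".join(radius_on) + " and use local/LDAP/SAML")
    elif release in AFFECTED_VERSIONS:
        action = ("affected release but RADIUS not enabled: not exposed per the "
                  "advisory; do not enable RADIUS before upgrading")
    else:
        action = "release not listed as affected"
    return {"release": release, "radius_surfaces": radius_on,
            "exposed": exposed, "action": action}


def triage(inventory_csv: str) -> list[dict]:
    """Run assess() over every row of a CSV inventory and tag each verdict with its host."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = assess(row["version"], row["web_auth"], row["ssh_auth"])
        verdict["host"] = row["host"]
        results.append(verdict)
    return results


if __name__ == "__main__":
    for v in triage(SAMPLE_INVENTORY):
        flag = "EXPOSED " if v["exposed"] else "ok      "
        print(f"{flag}{v['host']:22} {v['release']:6} {v['action']}")
```

Feed it an export from your own asset inventory in the same column layout; anything flagged EXPOSED is a host where the advisory’s stated mitigation (switch off RADIUS for that surface) applies until the upgrade lands.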

For more security release and update information, see Cisco’s official advisory.


Modernizing Tech