Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation and could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase. As a result, an attacker could send specially crafted input when entering credentials that are authenticated at the configured RADIUS server.
The company said in an advisory on Thursday, “A successful exploit may allow the attacker to execute commands at a high privilege level.” “To exploit this vulnerability, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.”
The flaw affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company. Cisco’s Brandon Sakai has been credited with discovering the issue during internal security testing.
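Because the flaw is reached through the credential fields, authentication logs are a natural place to look for attempts while patches are rolled out. The following Python example is added here and is not Cisco's code or guidance; the log format, the sample lines and the choice of metacharacters are constructed assumptions.

```python
import re

# Characters with special meaning to a POSIX shell. Legitimate account names
# rarely contain them. The exact set is a heuristic chosen for this example.
SHELL_META = re.compile(r"[;&|`$(){}<>\\]")

# Constructed log format (an assumption, not FMC's real format):
#   <timestamp> auth method=<web|ssh> src=<ip> user="<raw username>" result=<word>
LINE = re.compile(
    r'^(?P<ts>\S+) auth method=(?P<method>web|ssh) src=(?P<src>\S+) '
    r'user="(?P<user>.*)" result=(?P<result>\w+)$'
)

# Constructed sample entries; PLACEHOLDER stands in for arbitrary text.
SAMPLE_LOG = [
    '2025-08-15T09:12:03Z auth method=web src=192.0.2.10 user="alice" result=ok',
    '2025-08-15T09:12:40Z auth method=ssh src=198.51.100.7 user="bob;PLACEHOLDER" result=fail',
    '2025-08-15T09:13:02Z auth method=web src=198.51.100.7 user="x$(PLACEHOLDER)" result=fail',
    '2025-08-15T09:14:11Z auth method=web src=192.0.2.22 user="dave.smith@example.com" result=ok',
    'truncated entry without the expected fields',
]


def suspicious_logins(lines):
    """Return (hits, unparsed).

    hits: one dict per login attempt whose username contains shell
    metacharacters, with the offending characters under "chars".
    unparsed: lines that did not match the expected format, kept so that
    malformed entries are reviewed rather than silently dropped.
    """
    hits, unparsed = [], []
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            unparsed.append(line)
            continue
        found = sorted(set(SHELL_META.findall(m["user"])))
        if found:
            hits.append({**m.groupdict(), "chars": found})
    return hits, unparsed


if __name__ == "__main__":
    hits, unparsed = suspicious_logins(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["method"]} from {h["src"]}: {h["user"]!r} {h["chars"]}')
    print(f"{len(unparsed)} line(s) could not be parsed")
```

A match is only a lead for review: it does not show that a device was vulnerable or that an attempt succeeded, and the failed or successful `result` field should not be used to rule an entry out.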
Apart from CVE-2025-20265, Cisco has also resolved many high-severity bugs:
- CVE-2025-20217 (CVSS score: 8.6) - Cisco Secure Firewall Threat Defense Software Snort 3 denial-of-service vulnerability
- CVE-2025-20222
- CVE-2025-20224, CVE-2025-20225, CVE-2025-20239
- CVE-2025-20133, CVE-2025-20243 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software remote access
- CVE-2025-20134 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software
- CVE-2025-20136 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS inspection denial-of-service vulnerability
- CVE-2025-20263 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software web services denial-of-service vulnerability
- CVE-2025-20148 (CVSS score: 8.5) - Cisco Secure Firewall Management Center Software HTML injection vulnerability
- CVE-2025-20251 (CVSS score: 8.5) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN web server denial-of-service vulnerability
- CVE-2025-20127
- CVE-2025-20244 (CVSS score: 7.7) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN web server denial-of-service vulnerability
While none of the flaws have come under active exploitation in the wild, network appliances are repeatedly caught in the crosshairs of attackers, so it is essential that users move quickly to update their instances to the latest version.