Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Posted on August 15, 2025 by CWS

Aug 15, 2025 | Ravie Lakshmanan | Vulnerability / Network Security
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.

The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation and could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.

The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase, as a result of which an attacker could send specially crafted input when entering credentials that get authenticated at the configured RADIUS server.

“A successful exploit could allow the attacker to execute commands at a high privilege level,” the company said in a Thursday advisory. “For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.”

The shortcoming affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company. Brandon Sakai of Cisco has been credited with discovering the issue during internal security testing.

Besides CVE-2025-20265, Cisco has also resolved a number of high-severity bugs:

  • CVE-2025-20217 (CVSS score: 8.6) - Cisco Secure Firewall Threat Defense Software Snort 3 Denial-of-Service Vulnerability
  • CVE-2025-20222 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial-of-Service Vulnerability
  • CVE-2025-20224, CVE-2025-20225, CVE-2025-20239 (CVSS scores: 8.6) - Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial-of-Service Vulnerabilities
  • CVE-2025-20133, CVE-2025-20243 (CVSS scores: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial-of-Service Vulnerabilities
  • CVE-2025-20134 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial-of-Service Vulnerability
  • CVE-2025-20136 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial-of-Service Vulnerability
  • CVE-2025-20263 (CVSS score: 8.6) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial-of-Service Vulnerability
  • CVE-2025-20148 (CVSS score: 8.5) - Cisco Secure Firewall Management Center Software HTML Injection Vulnerability
  • CVE-2025-20251 (CVSS score: 8.5) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial-of-Service Vulnerability
  • CVE-2025-20127 (CVSS score: 7.7) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial-of-Service Vulnerability
  • CVE-2025-20244 (CVSS score: 7.7) - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial-of-Service Vulnerability

While none of the flaws have come under active exploitation in the wild, with network appliances repeatedly getting caught in the attackers’ crosshairs, it is essential that users move quickly to update their instances to the latest version.
