Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to remotely execute arbitrary shell commands with high-level privileges.
The vulnerability, tracked as CVE-2025-20265 and assigned the maximum CVSS score of 10.0, is one of the most severe security flaws discovered in enterprise firewall infrastructure this year.
The vulnerability resides in the RADIUS subsystem implementation of Cisco's Secure FMC Software, specifically in the authentication phase where user input is improperly handled.
Attackers can exploit it by sending specially crafted credentials during the RADIUS authentication process, injecting shell commands that the target system subsequently executes.
What makes this vulnerability particularly dangerous is that it requires no authentication and can be exploited remotely over the network.
It stems from insufficient input validation during the credential verification process, creating an opportunity for command injection when the system processes authentication requests sent to the configured RADIUS server.
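As an added illustration (not Cisco's code and not from the advisory), the following parses a RADIUS Access-Request as laid out in RFC 2865 and flags User-Name attributes that carry shell metacharacters, a heuristic a RADIUS server operator or network sensor could apply to requests arriving from a RADIUS client such as FMC. The advisory does not say which credential field is abused, so inspecting User-Name is an assumption for illustration; the packet below is constructed.

```python
# Added example: minimal RFC 2865 attribute parser plus a defensive heuristic.
# Assumption: the suspicious credential is visible in the User-Name attribute.
import os
import struct

ATTR_USER_NAME = 1
CODE_ACCESS_REQUEST = 1
SHELL_META = set(";|&`$(){}<>\n")

def parse_attributes(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, value) pairs from a RADIUS packet; raise on malformed input."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _, _, length = struct.unpack("!BBH", packet[:4])  # code, identifier, length
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs = []
    pos = 20  # header (4 bytes) + authenticator (16 bytes)
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]  # alen includes the 2-byte header
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def suspicious_usernames(packet: bytes) -> list[str]:
    """User-Name values containing shell metacharacters (detection heuristic)."""
    hits = []
    for atype, value in parse_attributes(packet):
        if atype == ATTR_USER_NAME:
            name = value.decode("utf-8", errors="replace")
            if any(c in SHELL_META for c in name):
                hits.append(name)
    return hits

def build_access_request(username: str) -> bytes:
    """Build a constructed Access-Request carrying only a User-Name attribute."""
    name = username.encode()
    attr = bytes([ATTR_USER_NAME, 2 + len(name)]) + name
    length = 20 + len(attr)
    return struct.pack("!BBH", CODE_ACCESS_REQUEST, 7, length) + os.urandom(16) + attr

if __name__ == "__main__":
    for user in ("alice", "alice;bob"):
        print(user, "->", suspicious_usernames(build_access_request(user)))
```

The heuristic will flag legitimate names containing these characters, so treat hits as alerts for review rather than as proof of exploitation.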
Affected Systems and Mitigations
The vulnerability specifically affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0, but only when RADIUS authentication is enabled for the web-based management interface, SSH management, or both. Organizations not using RADIUS authentication are not exposed to this attack vector.
Product                                                 Affected Versions   Prerequisites                   Status
Cisco Secure Firewall Management Center (FMC) Software  7.0.7               RADIUS authentication enabled   Vulnerable
Cisco Secure Firewall Management Center (FMC) Software  7.7.0               RADIUS authentication enabled   Vulnerable
Cisco Secure Firewall ASA Software                      All versions        N/A                             Not Affected
Cisco Secure Firewall Threat Defense (FTD) Software     All versions        N/A                             Not Affected
Cisco has confirmed that other products in its security portfolio, including Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, are not affected by this vulnerability.
Unlike many security vulnerabilities that offer temporary mitigation strategies, Cisco has explicitly stated that no workarounds exist for this flaw.
However, organizations can reduce their exposure by switching to other authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).
This mitigation essentially requires organizations to disable RADIUS authentication entirely, which may affect operational workflows and require significant configuration changes.
Cisco has released free software updates that address the vulnerability and strongly recommends immediate patching for all affected systems.
The company's Product Security Incident Response Team (PSIRT) has not reported any public exploitation attempts or malicious use of this vulnerability in the wild.
The vulnerability was discovered during internal security testing by Brandon Sakai of Cisco, highlighting the importance of proactive security assessments.
This discovery is part of Cisco's August 2025 Semiannual Security Advisory Bundled Publication, which includes multiple security updates across the Secure Firewall product line.
Given the critical nature of this vulnerability and its potential for unauthenticated remote code execution, security experts recommend treating this as a priority-one patching situation.
Organizations using Cisco Secure FMC with RADIUS authentication should immediately assess their exposure and plan emergency maintenance windows to apply the available fixes.