Cisco Patches Critical Vulnerability in Firewall Management Platform

Cisco Patches Critical Vulnerability in Firewall Management Platform

Posted on By CWS

Cisco has revealed greater than 20 safety advisories as a part of its August 2025 bundled publication for Safe Firewall Administration Heart (FMC), Safe Firewall Risk Protection (FTD), and Safe Firewall Adaptive Safety Equipment (ASA) merchandise.

Essentially the most severe vulnerability — based mostly on its severity ranking — is CVE-2025-20265, a important flaw affecting the Safe FMC platform designed for managing and monitoring Cisco FTD home equipment and different safety options.

The weak spot impacts Safe FMC situations which have Radius authentication enabled. It may be exploited by a distant, unauthenticated attacker for arbitrary code execution. 

“This vulnerability is because of a scarcity of correct dealing with of person enter in the course of the authentication part,” Cisco defined. “An attacker might exploit this vulnerability by sending crafted enter when getting into credentials that can be authenticated on the configured RADIUS server. A profitable exploit might enable the attacker to execute instructions at a excessive privilege stage.”

Cisco has additionally addressed greater than a dozen high-severity vulnerabilities in its FMC, FTD and ASA merchandise.

A majority may be exploited by unauthenticated attackers for distant DoS assaults. Others may be exploited for DoS assaults, however solely by authenticated attackers. 

A high-severity FMC subject permits an authenticated, distant attacker to inject arbitrary HTML content material right into a device-generated doc, learn arbitrary recordsdata from the working system, and conduct SSRF assaults. 

Eleven medium-severity vulnerabilities have been addressed by Cisco in its safety merchandise.Commercial. Scroll to proceed studying.

Cisco has launched patches for these vulnerabilities and it additionally supplies a software program checker instrument to assist prospects determine impacted merchandise and the required fixes.

The networking large stated there was no proof that these vulnerabilities have been exploited within the wild. Further particulars can be found in Cisco’s advisories. 

Cisco prospects have been knowledgeable just lately that hackers had began concentrating on important vulnerabilities in Identification Providers Engine (ISE), lower than a month after patches have been launched.

Associated: Cisco Warns of Hardcoded Credentials in Enterprise Software program

Associated: Cisco Says Consumer Information Stolen in CRM Hack

Associated: AI Guardrails Below Hearth: Cisco’s Jailbreak Demo Exposes AI Weak Factors

Security Week News Tags:, , , , , ,

Related Posts

Fig Security Unveils M Funding to Enhance SecOps Fig Security Unveils $38M Funding to Enhance SecOps Security Week News
Google Tackles AI Threats, Disney Faces Privacy Fine Google Tackles AI Threats, Disney Faces Privacy Fine Security Week News
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild Google Patches Mysterious Chrome Zero-Day Exploited in the Wild Security Week News
GitLab, Atlassian Patch High-Severity Vulnerabilities GitLab, Atlassian Patch High-Severity Vulnerabilities Security Week News
How Scammers Are Using AI to Steal College Financial Aid How Scammers Are Using AI to Steal College Financial Aid Security Week News
UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features Security Week News