Cisco is warning a couple of vital distant code execution (RCE) vulnerability within the RADIUS subsystem of its Safe Firewall Administration Heart (FMC) software program.
Cisco FCM is a administration platform for the seller’s Safe Firewall merchandise, which supplies a centralized internet or SSH-based interface to permit directors to configure, monitor, and replace Cisco firewalls.
RADIUS in FMC is an non-compulsory exterior authentication technique that allows connecting to a Distant Authentication Dial-In Person Service server as a substitute of native accounts.
This configuration is often utilized in enterprise and authorities networks the place directors need centralized login management and accounting for community system entry.
The lately disclosed vulnerability is tracked as CVE-2025-20265 and obtained the utmost severity rating of 10 out of 10.
It may be exploited to permit an unauthenticated distant attacker to ship specifically crafted enter when getting into credentials in the course of the RADIUS authentication step.
An adversary may thus obtain arbitrary shell command execution with elevated privileges.
“A vulnerability within the RADIUS subsystem implementation of Cisco Safe Firewall Administration Heart (FMC) Software program may enable an unauthenticated, distant attacker to inject arbitrary shell instructions which are executed by the system,” warns Cisco within the safety bulletin.
“This vulnerability is because of a scarcity of correct dealing with of person enter in the course of the authentication section,” the seller says. CVE-2025-20265 impacts FMC variations 7.0.7 and seven.7.0 when the RADIUS authentication is enabled for the web-based administration interface, SSH administration, or each.
Cisco has launched free software program updates that tackle the problem. The repair was launched by means of common channels to prospects with a sound service contract.
If the patch can’t be put in, Cisco’s really useful mitigation is to disable RADIUS authentication and substitute it with a unique technique (e.g. native person accounts, exterior LDAP, or SAML single sign-on).
Cisco notes that this mitigation labored in testing, however prospects should confirm its applicability and the affect it has of their environments.
The vulnerability was found internally by Cisco’s safety researcher Brandon Sakai, and the seller will not be conscious of the vulnerability being exploited within the wild.
Together with CVE-2025-20265, Cisco additionally launched fixes for 13 high-severity flaws throughout varied merchandise, none of them marked as actively exploited:
The seller says that there aren’t any workarounds for any of the above safety points apart from CVE-2025-20127, the place the advice is to take away the TLS 1.3 cipher.
For all different points the seller recommends putting in the most recent updates out there.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration tendencies.
