Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Aug 15, 2025Ravie LakshmananVulnerability / Network Security

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.

The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.

The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase, as a result of which an attacker could send specially crafted input when entering credentials that get authenticated at the configured RADIUS server.

“A successful exploit could allow the attacker to execute commands at a high privilege level,” the company said in a Thursday advisory. “For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.”

The shortcoming impacts Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company. Brandon Sakai of Cisco has been credited with discovering the issue during internal security testing.

Besides CVE-2025-20265, Cisco has also resolved a number of high-severity bugs –

• CVE-2025-20217 (CVSS score: 8.6) – Cisco Secure Firewall Threat Defense Software Snort 3 Denial-of-Service Vulnerability
• CVE-2025-20222 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial-of-Service Vulnerability
• CVE-2025-20224, CVE-2025-20225, CVE-2025-20239 (CVSS scores: 8.6) – Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial-of-Service Vulnerabilities
• CVE-2025-20133, CVE-2025-20243 (CVSS scores: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial-of-Service Vulnerabilities
• CVE-2025-20134 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial-of-Service Vulnerability
• CVE-2025-20136 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial-of-Service Vulnerability
• CVE-2025-20263 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial-of-Service Vulnerability
• CVE-2025-20148 (CVSS score: 8.5) – Cisco Secure Firewall Management Center Software HTML Injection Vulnerability
• CVE-2025-20251 (CVSS score: 8.5) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial-of-Service Vulnerability
• CVE-2025-20127 (CVSS score: 7.7) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial-of-Service Vulnerability
• CVE-2025-20244 (CVSS score: 7.7) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial-of-Service Vulnerability

While none of the flaws have come under active exploitation in the wild, with network appliances repeatedly getting caught in the attackers’ crosshairs, it’s essential that users move quickly to update their instances to the latest version.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!