Cisco Fixes Maximum-Severity Security Flaw in Secure Firewall Management Center
In a move to address a critical security vulnerability, Cisco has released patches for its Secure Firewall Management Center (FMC) Software. The company's Product Security Incident Response Team (PSIRT) warned of a maximum-severity security flaw tracked as CVE-2025-20265 (CVSS score of 10.0), which can allow remote code execution on vulnerable systems.
The vulnerability affects the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software and stems from improper handling of user input during the authentication phase. An unauthenticated, remote attacker who submits crafted credentials that the FMC forwards to its configured RADIUS server could inject arbitrary shell commands, which the device then executes.
"A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device," reads the advisory. "This vulnerability is due to a lack of proper handling of user input during the authentication phase."
An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level, posing significant security risks.
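The root cause the advisory describes is a generic one: user-controlled credential data reaching a shell during authentication. The following Python is an added illustration of the defensive pattern, not Cisco's code and not a description of how FMC's RADIUS subsystem is implemented. It assumes a hypothetical authentication helper that is invoked as an external program (`printf` stands in for it here), shows why passing credentials as a single argv element without a shell keeps metacharacters inert, adds a fail-closed allow-list check in front of it, and runs a simple detector over constructed log lines in a made-up format to flag authentication attempts whose username carries shell syntax.

```python
import re
import subprocess
from typing import List, Tuple

# Allow-list for usernames handed to the authentication helper: letters, digits and
# a few common separators, bounded in length. Anything else is rejected outright.
ALLOWED_CREDENTIAL = re.compile(r"^[A-Za-z0-9._@+-]{1,64}$")

# Characters with meaning to /bin/sh. Used only by the log detector below; the
# hardened path relies on the allow-list, not on spotting bad characters.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\\\"'*?]")


def credential_is_allowed(value: str) -> bool:
    """Return True only when the credential matches the strict allow-list."""
    return ALLOWED_CREDENTIAL.fullmatch(value) is not None


def run_auth_helper(username: str, validate: bool = True) -> str:
    """Invoke the (hypothetical) external auth helper with the username as ONE argv element.

    `printf` stands in for the real helper so the example runs anywhere with coreutils.
    No shell is involved: subprocess.run receives an argument list, so characters like
    ';' or '$(' inside `username` are delivered to the program literally and never
    interpreted as command syntax. The allow-list check in front fails closed.
    """
    if validate and not credential_is_allowed(username):
        raise ValueError("credential contains characters outside the allow-list")
    proc = subprocess.run(
        ["printf", "user=%s", username],  # argv list, shell=False (the default)
        capture_output=True,
        text=True,
        check=True,
    )
    return proc.stdout


# Constructed sample log lines in a made-up format (not FMC's real log format).
SAMPLE_LOG = [
    'radius: auth request user="alice" src=10.0.0.5 result=accept',
    'radius: auth request user="svc-backup" src=10.0.0.9 result=reject',
    'radius: auth request user="alice; x" src=198.51.100.7 result=reject',
    'radius: auth request user="bob$(x)" src=198.51.100.7 result=reject',
]

LOG_PATTERN = re.compile(r'user="([^"]*)"\s+src=(\S+)')


def scan_auth_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (username, source) pairs whose username contains shell metacharacters.

    Useful as a quick detection sweep over authentication logs for the class of input
    the advisory describes; a benign username should never contain these characters.
    """
    flagged = []
    for line in lines:
        match = LOG_PATTERN.search(line)
        if match is None:
            continue
        user, src = match.groups()
        if SHELL_META.search(user):
            flagged.append((user, src))
    return flagged


if __name__ == "__main__":
    print(run_auth_helper("alice"))
    # With validation switched off the argv form still passes the string literally:
    print(run_auth_helper("alice; x", validate=False))
    for user, src in scan_auth_log(SAMPLE_LOG):
        print(f"suspicious username {user!r} from {src}")
```

The two layers are deliberately independent: the argv-without-shell call removes the injection primitive even if validation is bypassed, and the allow-list rejects anything unexpected before it reaches the helper at all. The detector is the counterpart on the monitoring side for environments that cannot patch or switch authentication methods immediately.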
Impact and Mitigation
The flaw affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled. It is worth noting that ASA (Adaptive Security Appliance) and FTD (Firepower Threat Defense) software are not impacted by this vulnerability.
Cisco advises that there is no workaround for the flaw, but it can be mitigated by switching to local, LDAP, or SAML Single Sign-On (SSO) authentication. This should be done after assessing its impact on the specific environment.
Investigation and Response
The vulnerability was discovered during internal security testing by Brandon Sakai of Cisco.
The PSIRT is not aware of any attacks in the wild exploiting this flaw at present. The company urges users to apply the patches as soon as possible to prevent potential exploitation.