A critical command injection vulnerability (CVE-2025-20265) in Cisco's Secure Firewall Management Center (FMC) has been disclosed, achieving the highest possible CVSS score of 10.0. The flaw affects FMC versions 7.0.7 and 7.7.0 configured for RADIUS authentication, making many users vulnerable as RADIUS is the standard for network authentication. Attackers can exploit the bug to execute high-privileged shell commands without any prior system access or valid credentials. Immediate patching is essential since no mitigation or workaround exists at this time, despite no confirmed active exploits being reported yet.
A critical command injection vulnerability (CVE-2025-20265) has been identified in Cisco's Secure Firewall Management Center, scoring a 10.0 on the CVSS scale, indicating the highest risk.
The vulnerability affects FMC versions 7.0.7 and 7.7.0 configured for RADIUS authentication, allowing attackers to execute commands as high-privileged shell commands if exploited correctly.
Collection
[
|
...
]