Cisco issued security updates addressing a critical vulnerability (CVE-2025-20265) with a CVSS score of 10.0 in Secure Firewall Management Center Software. The flaw affects the RADIUS subsystem and allows unauthenticated attackers to inject arbitrary shell commands, resulting in high privilege command execution. Affected versions include releases 7.0.7 and 7.7.0 with RADIUS authentication enabled. Patches are necessary to mitigate the risk, as there are no workarounds. Cisco has also addressed additional high-severity security issues in various software solutions.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
A successful exploit could allow the attacker to execute commands at a high privilege level. For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
Cisco has also resolved a number of high-severity bugs, including CVE-2025-20217 (CVSS score: 8.6) and CVE-2025-20222 (CVSS score: 8.6), among others.
The shortcoming impacts Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company.
Collection
[
|
...
]