Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265)

Cisco has addressed a critical vulnerability in its Secure Firewall Management Center (FMC) Software. Tracked as CVE-2025-20265, the vulnerability carries a critical severity rating with a CVSS score of 10. Successful exploitation could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.

Cisco Firewall Management Center analyzes network vulnerabilities, prioritizes attacks, and recommends protections to support security teams. FMC provides unified firewall management, application control, intrusion prevention, URL filtering, and malware defense. It also offers real-time visibility across networks to manage applications and malware outbreaks.

Vulnerability Details

The vulnerability originates from improper handling of user input during the authentication phase. An attacker could exploit it by sending crafted input in the credentials that are authenticated by the configured RADIUS server. Upon successful exploitation, the attacker could execute commands at a high privilege level.

Affected Versions

The vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0.

Note: For the vulnerability to be successfully exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.

Mitigation

Cisco has released free software updates to address the vulnerability.

Customers can refer to the Cisco Security Advisory (cisco-sa-fmc-radius-rce-TNBKf79) for information about the vulnerability.

Workaround

There are no suggested workarounds for the vulnerability.

However, this vulnerability can be exploited only if RADIUS authentication is configured on Cisco Secure FMC Software. To mitigate it, users may switch to another type of authentication, such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO). For more information, see the Cisco Secure Firewall Management Center Administration Guide.

Qualys Detection

Qualys customers can scan their devices with QID 317674 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79