Cisco Announces Critical Remote Code Execution Vulnerability in Firewall Administration Software
Cisco has recently disclosed a critical vulnerability in its Secure Firewall Management Center (FMC) Software, identified as CVE-2025-20265. This vulnerability, with a maximum CVSS severity score of 10.0, allows an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The vulnerability lies in the RADIUS subsystem of Cisco Secure FMC Software. It stems from improper handling of user input during the authentication phase, and successful exploitation could lead to compromise of the device.
Customers have been urged to apply software updates as soon as possible to mitigate this risk. Cisco has offered a free software update to address the specific Secure FMC flaw, and customers with service contracts can obtain security fixes through their usual update channels.
However, there are no workarounds that address the vulnerability directly. Customers can mitigate the issue by switching to another type of authentication, such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).
This disclosure follows a spate of reported exploitations of Cisco's products in 2025. Notably, in February, Cisco revealed that Chinese state-sponsored actor Salt Typhoon gained access to US telecoms providers through Cisco devices, leveraging a custom-built utility called JumbledPath.
In July, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical flaws in Cisco Identity Services Engine (ISE) Software to its Known Exploited Vulnerabilities (KEV) catalog. In March, the agency ordered federal government bodies to patch CVE-2023-20118, a command injection vulnerability in the web-based management interface of multiple Cisco Small Business RV Series routers.
No specific attacker group or individual has been publicly identified as exploiting the CVE-2025-20265 vulnerability in Cisco Secure Firewall Management Center in August 2023. The reports describe the vulnerability as allowing unauthenticated remote code execution but do not name a particular attacker.
RADIUS is a network access authentication and accounting protocol used by Cisco devices. The latest Cisco advisory is part of a bundled publication that includes 21 Cisco Security Advisories describing 29 vulnerabilities in Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software.
Customers are advised to stay vigilant and apply updates promptly to ensure the security of their systems. It is crucial to prioritise cybersecurity in today's digital landscape, especially when dealing with sensitive network management software like the Cisco Secure Firewall Management Center.