Uncovered: Critical Remote Code Execution (RCE) Vulnerability in Cisco Secure Firewall Management Center Software
In a recent advisory, the Cisco Product Security Incident Response Team (PSIRT) has warned customers about a critical remote code execution vulnerability (CVE-2025-20265) in the Cisco Secure Firewall Management Center (FMC) Software. This vulnerability, with a maximum CVSS severity score of 10.0, affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled.
The vulnerability lies in the RADIUS subsystem implementation of the Cisco FMC software. If exploited, an unauthenticated, remote attacker could inject arbitrary shell commands that are executed by the device. A successful exploit could also allow the attacker to execute commands at a high privilege level.
The vulnerability arises from improper handling of user input during the authentication phase. The advisory is part of a bundled publication that includes 21 Cisco Security Advisories describing 29 vulnerabilities in Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also taken note of this vulnerability, following a series of reported exploitations of Cisco's products in 2025. In March, the agency ordered federal government bodies to patch CVE-2023-20118, a command injection vulnerability in the web-based management interface of multiple Cisco Small Business RV Series routers. In July, CISA added two critical flaws in Cisco Identity Services Engine (ISE) Software to its Known Exploited Vulnerabilities (KEV) catalog.
In February, Cisco disclosed that Chinese state-sponsored actor Salt Typhoon had gained access to US telecoms providers through Cisco devices, using a custom-built utility called JumbledPath.
Customers with service contracts can obtain security fixes through their usual update channels. Cisco has offered a free software update to address the specific Secure FMC flaw. To mitigate the vulnerability, customers can switch to another type of authentication, such as local user accounts, external LDAP authentication, or SAML single sign-on.
Cisco urges customers to apply software updates as soon as possible to avoid potential compromise. The company emphasizes the importance of staying vigilant and keeping software updated to protect against such vulnerabilities.