CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0:*:*:*:*:*:*:*

History

17 Jun 2026, 08:41

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la implementación del subsistema RADIUS del software Cisco Secure Firewall Management Center (FMC) podría permitir que un atacante remoto no autenticado inyecte comandos de shell arbitrarios que son ejecutados por el dispositivo. Esta vulnerabilidad se debe a una gestión inadecuada de la entrada del usuario durante la fase de autenticación. Un atacante podría explotar esta vulnerabilidad enviando una entrada manipulada al introducir credenciales que se autenticarán en el servidor RADIUS configurado. Una explotación exitosa podría permitir al atacante ejecutar comandos con un alto nivel de privilegios. Nota: Para explotar esta vulnerabilidad, el software Cisco Secure FMC debe estar configurado para la autenticación RADIUS para la interfaz de administración web, la administración SSH o ambas.

16 Aug 2025, 01:15

Type Values Removed Values Added
References
  • () https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/ -
  • () https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/ -

15 Aug 2025, 18:26

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7:*:*:*:*:*:*:*
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 - Vendor Advisory
First Time Cisco
Cisco secure Firewall Management Center

14 Aug 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-14 17:15

Updated : 2026-06-17 08:41


NVD link : CVE-2025-20265

Mitre link : CVE-2025-20265

CVE.ORG link : CVE-2025-20265


JSON object : View

Products Affected

cisco

  • secure_firewall_management_center
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')