📅 August 15, 2025 | ⏱ 4 min read | 🔐 Category: Vulnerability Alerts
Cisco has disclosed a critical vulnerability in the RADIUS authentication subsystem of its Secure Firewall Management Center (FMC) software, tracked as CVE-2025-20265. This flaw, rated with the highest severity score of 10.0, allows unauthenticated remote attackers to execute arbitrary shell commands with elevated privileges by sending specially crafted input during the RADIUS authentication process. The vulnerability affects FMC versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for web or SSH management interfaces.
The exploit works by taking advantage of improper input handling during the authentication phase. When FMC is configured to use RADIUS for administrator logins, it fails to properly sanitize user-supplied credentials. An attacker can submit credentials containing shell metacharacters or command sequences. Instead of treating these as plain text, the system passes them to the underlying operating system, which then executes them with the privileges of the FMC process, typically root or equivalent. This means an attacker does not need valid credentials, only network access to the management interface, to gain full control over the device.
This vulnerability is particularly dangerous because it can be exploited remotely and without authentication. The attacker simply needs to send a specially crafted login request to the FMC’s web or SSH management interface. If successful, the attacker can run any command on the system, potentially leading to a complete compromise of the firewall management infrastructure.
Cisco has released free software updates to address this issue. If patching is not immediately possible, the recommended mitigation is to disable RADIUS authentication and use alternatives such as local user accounts, LDAP, or SAML single sign-on. Organizations should confirm that any mitigation is suitable for their environment before making changes. Cisco reports that the vulnerability was discovered internally and is not known to be exploited in the wild.
In addition to CVE-2025-20265, Cisco has issued patches for several other high-severity vulnerabilities across its security product line, including denial-of-service and HTML injection flaws. For most of these, the only effective mitigation is to apply the latest software updates.
At Cyberix, we are committed to helping businesses protect their digital assets and maintain trust with their customers. Remember, in today’s digital world, it’s not just about being safe—it’s about being CyberixSafe.
Written by: Logan Elliott
Cyberix
https://cyberixsafe.com
