Cisco is warning a few crucial distant code execution (RCE) vulnerability within the RADIUS subsystem of its Safe Firewall Administration Heart (FMC) software program.
Cisco FCM is a administration platform for the seller’s Safe Firewall merchandise, which offers a centralized net or SSH-based interface to permit directors to configure, monitor, and replace Cisco firewalls.
RADIUS in FMC is an optionally available exterior authentication technique that allows connecting to a Distant Authentication Dial-In Consumer Service server as a substitute of native accounts.
This configuration is usually utilized in enterprise and authorities networks the place directors need centralized login management and accounting for community machine entry.
The lately disclosed vulnerability is tracked as CVE-2025-20265 and acquired the utmost severity rating of 10 out of 10.
It may be exploited to permit an unauthenticated distant attacker to ship specifically crafted enter when coming into credentials through the RADIUS authentication step.
An adversary might thus obtain arbitrary shell command execution with elevated privileges.
“A vulnerability within the RADIUS subsystem implementation of Cisco Safe Firewall Administration Heart (FMC) Software program might permit an unauthenticated, distant attacker to inject arbitrary shell instructions which might be executed by the machine,” warns Cisco within the security bulletin.
“This vulnerability is because of an absence of correct dealing with of consumer enter through the authentication section,” the seller says. CVE-2025-20265 impacts FMC variations 7.0.7 and seven.7.0 when the RADIUS authentication is enabled for the web-based administration interface, SSH administration, or each.
Cisco has launched free software program updates that deal with the problem. The repair was launched by common channels to prospects with a sound service contract.
If the patch can’t be put in, Cisco’s really helpful mitigation is to disable RADIUS authentication and substitute it with a distinct technique (e.g. native consumer accounts, exterior LDAP, or SAML single sign-on).
Cisco notes that this mitigation labored in testing, however prospects should confirm its applicability and the affect it has of their environments.
The vulnerability was found internally by Cisco’s security researcher Brandon Sakai, and the seller shouldn’t be conscious of the vulnerability being exploited within the wild.
Together with CVE-2025-20265, Cisco additionally launched fixes for 13 high-severity flaws throughout numerous merchandise, none of them marked as actively exploited:
The seller says that there are not any workarounds for any of the above security points apart from CVE-2025-20127, the place the advice is to take away the TLS 1.3 cipher.
For all different points the seller recommends putting in the most recent updates accessible.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
