Blog

Urgent Security Advisory: CVE-2025-20265 – Critical RCE Vulnerability (CVSS 10.0) in Cisco Secure FMC

Cisco has released a critical security update addressing an unauthenticated remote code execution (RCE) vulnerability—CVE-2025-20265—in its Secure Firewall Management Center (FMC) Software. With the maximum CVSS score of 10.0, this flaw demands immediate attention from network defenders.

What’s the Threat?

This vulnerability resides in the RADIUS subsystem of Cisco Secure FMC, specifically affecting versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for either the web-based management interface or SSH access. Due to improper input handling during authentication, attackers can inject shell commands via crafted credentials, executed with high privilege on the target system.

Why It’s Alarming

  • Maximum Severity (CVSS 10.0): Indicates easy exploitability with catastrophic impact.

  • No Privileges Required: The attack requires no prior authentication or user interaction.

  • High Impact on Availability & Integrity: If exploited, attackers gain full control over firewall management.

  • No Workarounds Available: Only timely patching will eliminate this threat.

  • No Known Exploits Yet: Cisco currently hasn’t observed any active exploitation in the wild.

Immediate Mitigation Steps

  1. Patch Now
    Upgrade Cisco Secure FMC Software in affected versions (7.0.7 and 7.7.0) to the latest releases where the vulnerability has been fixed.

  2. Temporary Workaround
    If patching cannot be immediate, disable RADIUS authentication for web-based and SSH management. Consider switching to local user accounts, LDAP, or SAML SSO if compatible.

  3. Enhance Network Protections
    Limit access to management interfaces—restrict to trusted networks, implement strict ACLs, and segment the management plane from production traffic.

  4. Monitor & Audit
    Watch for suspicious authentication attempts, explore access logs, and prepare for incident response. Conduct thorough audits post-remediation.

Additional Cisco Fixes

Cisco also addressed several other high-severity vulnerabilities (CVSS 7.7 to 8.6), including DoS flaws in Snort 3, IPv6 over IPsec, IKEv2 components, SSL VPN, and more—patching is strongly recommended.

Conclusion

CVE-2025-20265 is a rare, maximum-impact vulnerability affecting core firewall management systems. While no active attacks are reported today, its severity and simplicity of exploitation mean it cannot be ignored. Network security teams must act now:

  • Audit for exposed FMC systems.

  • Apply patches or disable RADIUS authentication.

  • Harden access to management interfaces.

  • Stay vigilant for signs of compromise.

References

  1. The Hacker News – Cisco Warns of CVSS 10.0 FMC RADIUS Flawhttps://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html

  2. Cisco Security Advisory – CVE-2025-20265: Cisco Secure FMC RADIUS Authentication Remote Code Execution Vulnerabilityhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce

  3. GitHub Security Advisory – GHSA-rc2h-jcr9-jm85https://github.com/advisories/GHSA-rc2h-jcr9-jm85

  4. Security Online Info – Critical Cisco RCE Flaw (CVE-2025-20265)https://securityonline.info/critical-cisco-rce-flaw-cve-2025-20265-cvss-10-unauthenticated-attackers-can-hijack-firewalls/

  5. Feedly CVE Tracker – CVE-2025-20265https://feedly.com/cve/CVE-2025-20265