Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

4 Min Read

Cisco has released a security update to address a maximum-severity security flaw in its Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.

The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the implementation of the RADIUS subsystem and could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.

The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase. As a result, an attacker could send specially crafted input when entering credentials that are authenticated by the configured RADIUS server.

“A successful exploit could allow the attacker to execute commands at a high privilege level,” the company said in its advisory on Thursday. “To exploit this vulnerability, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.”

The shortcoming affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled. There is no workaround other than applying the patches provided by the company. Cisco’s Brandon Sakai is credited with discovering the issue during internal security testing.
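The root cause described above, user input from the authentication step reaching a shell without proper handling, is a general command-injection pattern. The following is an added illustration, not Cisco's code and not derived from the advisory: it contrasts building a command line by string concatenation (the vulnerable shape) with passing the credential as a single argv element, and adds an allow-list check and a cheap log-review heuristic. The `radius-auth` tool name, the server name and the sample usernames are constructed for the example; nothing is executed.

```python
import re
import shlex

# Constructed sample usernames for the demonstration (not real log data).
SAMPLE_USERS = ["alice", "alice; echo injected", "bob$(id)"]

# Hypothetical command-line RADIUS client wrapper; an assumption for the
# example, not a real Cisco or FreeRADIUS component.
RADIUS_CLIENT = "radius-auth"
RADIUS_SERVER = "radius.example.internal"  # constructed

# Allow-list for usernames: letters, digits and a few safe punctuation marks.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def build_command_unsafe(username: str, server: str) -> str:
    """Vulnerable shape: a single string meant for a shell (e.g. shell=True).

    Whatever the user typed becomes part of the command line, so shell
    metacharacters in the username would be interpreted by the shell.
    Shown only for contrast; this string is never executed here.
    """
    return f"{RADIUS_CLIENT} --server {server} --user {username}"


def build_command_safe(username: str, server: str) -> list:
    """Hardened shape: an argv list. The username is one argument and is
    never parsed by a shell, regardless of its contents."""
    return [RADIUS_CLIENT, "--server", server, "--user", username]


def validate_username(username: str) -> bool:
    """Allow-list check applied before the credential reaches any backend."""
    return USERNAME_RE.fullmatch(username) is not None


def contains_shell_metachars(value: str) -> bool:
    """Log-review heuristic: does the input contain characters a POSIX
    shell treats specially? Useful for flagging suspicious auth attempts."""
    return any(c in value for c in ";&|`$()<>\n")


def triage(usernames) -> dict:
    """For each sample, report whether it passes validation, whether it looks
    suspicious, how many words the unsafe string would tokenise into, and
    how many argv entries the safe builder produces (always 5)."""
    report = {}
    for user in usernames:
        unsafe = build_command_unsafe(user, RADIUS_SERVER)
        safe = build_command_safe(user, RADIUS_SERVER)
        report[user] = {
            "valid": validate_username(user),
            "suspicious": contains_shell_metachars(user),
            # shlex.split splits on whitespace like a shell would; extra words
            # show how the injected input would become separate tokens.
            "unsafe_word_count": len(shlex.split(unsafe)),
            "safe_argv_len": len(safe),
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SAMPLE_USERS).items():
        print(f"{name!r}: {info}")
```

In a real service the argv form would be handed to `subprocess.run(..., shell=False)` only after `validate_username` succeeds; the heuristic is the kind of check a defender can run over authentication logs to spot attempts that match this bug class.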

In addition to CVE-2025-20265, Cisco has also resolved a number of high-severity bugs:

  • CVE-2025-20217 (CVSS score: 8.6) – Cisco Secure Firewall Threat Defense Software Snort 3 Service Vulnerability
  • CVE-2025-20222 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6
  • CVE-2025-20224, CVE-2025-20225, CVE-2025-20239 (CVSS score: 8.6) – Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Service Vulnerability
  • CVE-2025-20133, CVE-2025-20243 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability
  • CVE-2025-20134 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability
  • CVE-2025-20136 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
  • CVE-2025-20263 (CVSS score: 8.6) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Denial of Service Vulnerability
  • CVE-2025-20148 (CVSS score: 8.5) – Cisco Secure Firewall Management Center Software HTML Injection Vulnerability
  • CVE-2025-20251 (CVSS score: 8.5) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability
  • CVE-2025-20127 (CVSS score: 7.7) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3
  • CVE-2025-20244 (CVSS score: 7.7) – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability

Network appliances are routinely caught in attackers’ crosshairs, so while there is no evidence that any of these flaws are under active exploitation in the wild, it is essential that users move quickly to update their instances to the latest version.
