Cisco warns of maximum-severity flaw in Firewall Management Center


Cisco is warning of a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software.

Cisco FMC is the vendor's management platform for its Secure Firewall products. It provides a centralized web or SSH-based interface that lets administrators configure, monitor, and update Cisco firewalls.

RADIUS in FMC is an optional external authentication method that lets the platform connect to a Remote Authentication Dial-In User Service server instead of relying on local accounts.

This configuration is commonly used in enterprise and government networks where administrators require centralized login control and accounting for network device access.

The recently disclosed vulnerability is tracked as CVE-2025-20265 and carries the maximum severity score of 10 out of 10.

An unauthorized remote attacker can exploit it by sending specially crafted input when entering credentials during the RADIUS authentication step.

Consequently, the adversary can execute any shell command with elevated privileges.

“A vulnerability in the implementation of the RADIUS subsystem in Cisco Secure Firewall Management Center (FMC) software allows unauthorized remote attackers to inject any shell commands executed by the device,” Cisco warns in its security bulletin.

“The vulnerability is due to a lack of proper handling of user input during the authentication phase,” the vendor says. CVE-2025-20265 affects FMC versions 7.0.7 and 7.7.0.

Cisco has released a free software update to address the issue. The fix is provided through the usual channels to customers with a valid service agreement.

If the patch cannot be installed, Cisco's recommended mitigation is to disable RADIUS authentication and replace it with a different method (local user accounts, external LDAP, or SAML single sign-on).


Cisco notes that the mitigation worked in testing, but customers need to verify its applicability and its impact in their own environment.

The vulnerability was discovered internally by Cisco security researcher Brandon Sakai, and the vendor is not aware of the vulnerability being exploited in the wild.

In addition to CVE-2025-20265, Cisco has also released fixes for 13 high-severity flaws across a variety of products, none of which have been marked as actively exploited.

The vendor says there are no workarounds for any of the above security issues, other than CVE-2025-20127.

For all other issues, the vendor recommends installing the latest available updates.
