Cisco Warns of Critical RCE Vulnerability in Firewall Software

August 16, 2025Last Updated: August 16, 2025

2 minutes read

Close-up of hands typing on a keyboard with a red warning triangle and 'Loading...' progress bar on screen.

▼ Summary

– Cisco disclosed a critical RCE vulnerability (CVE-2025-20265) in its Secure FMC Software, with a maximum CVSS score of 10.0.
– The flaw exists in the RADIUS system implementation, allowing unauthenticated attackers to execute arbitrary commands if exploited.
– The vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled.
– Cisco recommends applying updates immediately or switching to alternative authentication methods like LDAP or SAML SSO as a mitigation.
– This advisory follows recent exploits of Cisco products, including vulnerabilities added to CISA’s KEV catalog and attacks by state-sponsored actors.

Cisco has issued an urgent security alert regarding a severe vulnerability in its Secure Firewall Management Center (FMC) Software that could allow attackers to take complete control of affected systems. The critical flaw, tracked as CVE-2025-20265, carries the highest possible severity rating of 10.0 on the CVSS scale, demanding immediate attention from network administrators worldwide.

The weakness stems from improper input validation in the RADIUS authentication component of Cisco FMC Software. Attackers exploiting this vulnerability could remotely execute malicious commands with elevated privileges without requiring any authentication. RADIUS, a widely used protocol for managing network access, becomes the attack vector when improperly configured systems process manipulated credentials during authentication attempts.

Cisco’s security bulletin confirms the flaw impacts versions 7.0.7 and 7.7.0 of Secure FMC Software, but only when RADIUS authentication is active. The company emphasizes that disabling RADIUS authentication and switching to alternative methods like local accounts, LDAP, or SAML SSO can temporarily reduce risk until patches are applied.

This warning arrives alongside 28 other vulnerabilities disclosed in Cisco’s firewall products, though none reach the same severity level. Organizations relying on affected systems should prioritize installing the provided updates immediately, as no effective workarounds exist beyond disabling the vulnerable feature.

The advisory follows a troubling pattern of Cisco product vulnerabilities being actively exploited. Earlier this year, federal agencies mandated patches for similar flaws in Cisco routers after confirmed attacks. Security experts warn that unpatched systems could face imminent threats, especially given the ease of exploitation and high privileges gained through this vulnerability.

Network administrators should review their authentication configurations and apply the latest firmware updates without delay. Cisco’s Product Security Incident Response Team (PSIRT) continues to monitor for exploitation attempts and may release additional guidance if the threat landscape evolves.

(Source: InfoSecurity Magazine)