Cisco is in hot water again: the remote code execution (RCE) vulnerability CVE-2025-20265 was found in its Secure Firewall Management Center. It carries the maximum possible CVSS 3.1 base score of 10.0, and administrators need to react immediately.
Cisco RCE vulnerability CVE-2025-20265
On August 14, 2025, Cisco published a security advisory for the remote code execution (RCE) vulnerability CVE-2025-20265. The vulnerability lies in the implementation of the RADIUS subsystem of Cisco Secure Firewall Management Center (FMC) Software and could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The root cause is a lack of proper handling of user input during the authentication phase. An attacker could exploit the vulnerability by sending crafted input when entering credentials that are then authenticated by the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level.
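The advisory says only that input entered during RADIUS-backed login is handled improperly and ends up in a shell; it does not say how. The following is an added illustration of that bug class, not Cisco's code and not a reproduction of the FMC flaw: a hypothetical login helper hands the submitted username to a command-line "RADIUS client", which here is plain echo so the example runs offline. The vulnerable variant interpolates the username into a shell string, the hardened variant validates it against an allowlist and passes it as a separate argv element. All function names and the allowlist pattern are assumptions.

```python
import re
import subprocess

# Added illustration, not Cisco's code: the advisory only states that input
# entered during RADIUS-backed login is handled improperly and reaches a shell.
# The stand-in "RADIUS client" below is /bin/echo so the example runs offline;
# the function names and the allowlist are assumptions.

# Allowlist for what a username may look like. Rejecting anything else is
# far safer than trying to strip individual shell metacharacters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def build_shell_command_vulnerable(username: str, secret: str) -> str:
    """Return the command string a naive implementation would hand to the shell."""
    # The username is interpolated straight into a shell command line.
    return f"echo user={username} secret={secret}"


def run_vulnerable(username: str, secret: str) -> str:
    """Run the command through /bin/sh; metacharacters in username become shell syntax."""
    result = subprocess.run(
        build_shell_command_vulnerable(username, secret),
        shell=True, capture_output=True, text=True,
    )
    return result.stdout


def run_argv_only(username: str, secret: str) -> str:
    """Pass the username as its own argv element: no shell is involved, so no injection."""
    result = subprocess.run(
        ["echo", f"user={username}", f"secret={secret}"],
        capture_output=True, text=True,
    )
    return result.stdout


def run_hardened(username: str, secret: str) -> str:
    """Validate the username against the allowlist, then use argv; never shell=True."""
    if not USERNAME_RE.match(username):
        raise ValueError("username rejected by allowlist")
    # In a real RADIUS client the shared secret must not go on the command line
    # either (it is visible in the process list); pass it via a file or environment.
    return run_argv_only(username, secret)


if __name__ == "__main__":
    payload = "alice; echo INJECTED"   # constructed login input
    print(repr(run_vulnerable(payload, "s3cret")))   # second command ran: INJECTED shows up
    print(repr(run_argv_only(payload, "s3cret")))    # payload echoed back as a literal string
    try:
        run_hardened(payload, "s3cret")
    except ValueError as exc:
        print("hardened:", exc)
```

Run it as a script to see the three behaviours side by side. The argv form alone already defeats the injection; the allowlist is defence in depth for whatever the downstream RADIUS client does with the value.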
What is affected
For this vulnerability to be exploitable, Cisco Secure FMC Software must be configured for RADIUS authentication of the web-based management interface, SSH management, or both. Systems that do not use RADIUS authentication are not affected by CVE-2025-20265.
The vulnerability therefore only affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled. Instructions for checking whether RADIUS is configured can be found in the section Add a RADIUS External Authentication Object for Management Center in the Cisco Secure Firewall Management Center Administration Guide.
There is a software update
Cisco has released software updates that address this vulnerability. Which Cisco software releases are affected and which releases contain the fix is documented in the Fixed Software section of the advisory. Affected systems must be updated immediately, as there are no workarounds for this vulnerability. Details can be found in the security advisory. (via)