AI description
CVE-2025-20265 affects the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software. The vulnerability allows an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. Exploitation requires that the Cisco Secure FMC Software be configured for RADIUS authentication for the web-based management interface, SSH management, or both. This vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled.
- Description
- A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
- Source
- psirt@cisco.com
- NVD status
- Modified
- Products
- secure_firewall_management_center
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-74
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
13
⚠️ Cisco Secure Firewall – CVSS 10.0 Critical Vulnerability A critical flaw (CVE-2025-20265, CVSS 10.0) has been found in Cisco Secure Firewall Management Center (FMC): https://t.co/dZV004dtbE
@_0b1d1
16 Aug 2025
1048 Impressions
7 Retweets
19 Likes
7 Bookmarks
1 Reply
0 Quotes
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265) https://t.co/5Qnza7TYGR #patchmanagement
@eyalestrin
16 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE vulnerability CVE-2025-20265 in RADIUS authentication in CISCO Secure Firewall Management Center with CVSS 3.1 out of 10.0. https://t.co/3eF0MHu2Yf
@etguenni
16 Aug 2025
164 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco warns of a critical RCE vulnerability (CVE-2025-20265) in Secure Firewall Management Center’s RADIUS subsystem, affecting versions 7.0.7 and 7.7.0. #Security https://t.co/ZOz5KedPIV
@Strivehawk
15 Aug 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-20265 in Cisco FMC gets a CVSS 10.0 rating. Attackers can run commands without logging in if RADIUS is enabled. Affected: v7.0.7 & v7.7.0. ✅ Patch now to protect your network. https://t.co/T83ZVJgLS6 #CyberSecurity #Cisco #FMC #CVE2025265 #InfoSec https://t.c
@BusPCsupport
15 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Fallo crítico en Cisco Secure FMC permite ejecución remota sin credenciales Cisco alertó sobre CVE-2025-20265. Es una vulnerabilidad de inyección de comandos con severidad 10/10. Permite a atacantes no autenticados ejecutar comandos de alto privilegio en Cisco Sec
@CycuraMX
15 Aug 2025
1413 Impressions
16 Retweets
37 Likes
8 Bookmarks
0 Replies
0 Quotes
Critical Cisco FMC RADIUS vulnerability (CVE-2025-20265) enables unauthenticated RCE with CVSS 10.0. Affects releases 7.0.7 & 7.7.0 with RADIUS auth enabled. Patch immediately. #Cisco #RCE #CriticalVuln https://t.co/P6phd1KCvy
@SRA_ThreatWatch
15 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Patches Critical FMC RADIUS Flaw (CVE-2025-20265) with CVSS 10.0 Rating #Cisco #CyberSecurity #Vulnerability #PatchNow #CVE202520265 #FirewallSecurity #NetworkSecurity #Infosec #RCE #SecurityUpdate https://t.co/pWZR41xDOE
@cyashadotcom
15 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco alerts on critical RCE flaw (CVE-2025-20265) in Secure Firewall Management Center versions 7.0.7 & 7.7.0 with RADIUS enabled. Patches released; disabling RADIUS advised if patches can't be applied. #CiscoFirewall #RADIUSFlaw #USA https://t.co/uLu6LoB1Fn
@TweetThreatNews
15 Aug 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - August 15, 2025 1. Cisco has issued patches for a critical vulnerability (CVE-2025-20265, CVSS 10.0) in its Secure Firewall Management Center (FMC) Software, which stems from a flaw in the RADIUS subsystem. Source: The Hacker News,
@NewsNerdie
15 Aug 2025
57 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20265 — Critical RCE in Cisco Secure Firewall Management Center (CVSS 10). Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0 🔍 https://t.co/DBdkYZMm8e | ℹ️ https://t.co/DVgMpngIC4 #cve https://t.co
@Netlas_io
15 Aug 2025
474 Impressions
1 Retweet
12 Likes
1 Bookmark
0 Replies
0 Quotes
Critical flaw (CVE-2025-20265) in Secure Firewall Management Center lets remote attackers run high-privilege commands via RADIUS auth. 🎯 Affected: FMC 7.0.7 & 7.7.0 w/ RADIUS enabled ⚠️ No workaround – Patch now Multiple other high-severity Cisco bugs fixed. #Cisco h
@CSec88
15 Aug 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أصدرت شركة سيسكو تحديثات أمان لمعالجة ثغرة خطيرة في برنامج إدارة جدار الحماية (FMC) قد تسمح لمهاجم بتنفيذ تعليمات برمجية عشوائية على الأنظمة المتأثرة. ا
@Cybercachear
15 Aug 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-20265 (CVSS: 10) affects Cisco Secure Firewall Management Center! A flaw in RADIUS auth lets attackers slip in crafted inputs, potentially executing HIGH-PRIVILEGE commands remotely. Search by vul.cve Filter👉vul.cve="CVE-2025-20265" ZoomEye Dork👉app="Cisc
@zoomeye_team
15 Aug 2025
1034 Impressions
5 Retweets
16 Likes
5 Bookmarks
0 Replies
1 Quote
🚨🚨CVE-2025-20265 (CVSS: 10) affects Cisco Secure Firewall Management Center! A flaw in RADIUS auth lets attackers slip in crafted inputs, potentially executing HIGH-PRIVILEGE commands remotely. Search by vul.cve Filter👉vul.cve="CVE-2025-20265" ZoomEye Dork👉app="Cisc
@zoomeye_team
15 Aug 2025
128 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Cisco Secure Firewall Management Center (FMC)にCVSSスコア10の脆弱性。CVE-2025-20265はRADIUSサブシステムの実装不備に起因する任意シェルコマンドインジェクション。RADIUS認証がWeb管理IFかSSH管理で有効な場合にのみ脆弱。修
@__kokumoto
15 Aug 2025
1157 Impressions
4 Retweets
13 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-20265: CRITICAL RCE flaw in Cisco Firepower Management Center (7.0.7 & 7.7.0). Unauth attackers can run shell commands with high privileges. Patch ASAP or disable RADIUS auth! https://t.co/R2UIgcELvj... https://t.co/18YjmI2TwM
@offseq
15 Aug 2025
85 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yet another max score vuln 🥹 🟥 CVE-2025-20265, CVSS: 10.0 (#Critical, #Highest) Cisco Secure Firewall Management Center (FMC) Software A critical vulnerability in the RADIUS subsystem. Unauthenticated remote attackers can inject arbitrary shell commands due to improper
@UjlakiMarci
14 Aug 2025
22465 Impressions
60 Retweets
183 Likes
95 Bookmarks
5 Replies
5 Quotes
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265) #Cisco #CiscoSecureFirewallManagementCenter #CVE202520265 #CyberSecurity #RemoteCodeExecutionVulnerability https://t.co/YG157XvMs9
@SystemTek_UK
14 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-20265: CRITICAL] Cisco Secure FMC Software is vulnerable to remote code execution due to insufficient input validation. Attackers could inject commands via RADIUS, compromising system security.#cve,CVE-2025-20265,#cybersecurity https://t.co/iiuNJu5Mgu https://t.co/7XK8p
@CveFindCom
14 Aug 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44D21149-BF7B-4188-A336-49AA5683BDC1"
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BBDBCE8-CD5E-48BD-B61B-A36376C5A585"
}
],
"operator": "OR"
}
]
}
]