AI description
CVE-2025-20265 affects the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software. The vulnerability allows an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. Exploitation requires that the Cisco Secure FMC Software be configured for RADIUS authentication for the web-based management interface, SSH management, or both. This vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled.
- Description
- A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
- Source
- psirt@cisco.com
- NVD status
- Modified
- Products
- secure_firewall_management_center
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-74
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-20265
@transilienceai
7 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20265
@transilienceai
6 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20265
@transilienceai
5 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20265
@transilienceai
30 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-20265
@transilienceai
28 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Cisco FMC vulnerability CVE-2025-20265 is a game-changer for supply chain attacks! Unauthenticated command injection grants high-privilege access, echoing SolarWinds chaos. Patch now to avoid breaches in manufacturing & retail. Read more: https://t.co/OTvuqm0PZ3 https://
@blackbeltsecure
27 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20265
@transilienceai
26 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️Vulnerabilidades en productos Cisco ❗CVE-2025-20265 ❗CVE-2025-20222 ❗CVE-2025-20217 ➡️Más info: https://t.co/eMFL89PqPu https://t.co/55JdCJj3eQ
@CERTpy
22 Aug 2025
81 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC. ■ Adversary: Greedy Sponge ■ Indicator: CVE-2025-20265
@CTI131
21 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Secure Firewall Management Center是一套集中式管理平台,用於統一管理與監控 Cisco 防火牆產品,提供完整的威脅防禦視野。Cisco發布資安漏洞公告(CVE-2025-20265,CVSS:10.0)並釋出更新版本,此漏洞透過進行身份驗證時
@lfcba8178
20 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Cisco Secure Firewall – CVSS 10.0 Critical Vulnerability A critical flaw (CVE-2025-20265, CVSS 10.0) has been found in Cisco Secure Firewall Management Center (FMC): https://t.co/l2QfGEuYfL
@mark_recovery87
19 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️New @Cisco alert: CVE-2025-20265 (CVSS 10.0) allows remote code execution on Secure FMC. 28 other flaws disclosed across ASA, FMC & FTD. Patch ASAP. Details - https://t.co/pnMcnRRpEV #CyberSecurityAwareness #Cisco #vulnerability #infosec #CybersecurityNews https:/
@socradar
18 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20265: Maximum-Severity Remote Code Execution Vulnerability in Cisco Secure Firewall Management Center https://t.co/pbTJTYUucb
@Dinosn
18 Aug 2025
1841 Impressions
4 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
シスコ、ファイアウォール管理プラットフォームの重大な脆弱性を修正(CVE-2025-20265) | Codebook|Security News https://t.co/psE7pVbcxH
@ohhara_shiojiri
18 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability in Cisco Secure Firewall Management Center Software RADIUS (CVE-2025-20265). Please see the @ncsc_gov_ie advisory for more info: https://t.co/JLRz1wFXNX
@ncsc_gov_ie
18 Aug 2025
300 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco issues urgent advisory: CVSS 10.0 flaw (CVE-2025-20265) in FMC RADIUS allows remote code execution. No workarounds—patch now! 🔒 Read More: https://t.co/6AynK0ZCeH #Cisco #CyberSecurity #CVE202520265 #rce #Canada #CanadaCyberAwareness https://t.co/ztYtDrKtXw
@FindSecCyber
18 Aug 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔨シスコ、ファイアウォール管理プラットフォームの重大な脆弱性を修正(CVE-2025-20265) 🇹🇼台湾のWebインフラがAPT「UAT-7237」の標的に カスタムツールセットが使われる 〜サイバーセキュリティ週末の
@MachinaRecord
18 Aug 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Secure FMCのRADIUSで深刻な脆弱性(CVE-2025-20265)-ただちに設定確認とアップデートを #セキュリティ対策Lab #セキュリティ #Security https://t.co/2SjwwvqdeR
@securityLab_jp
18 Aug 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Patches Critical CVE-2025-20265 RCE in Firewall Management Center https://t.co/sHzc1HdyxG #CyberSecurity #Patches #CSCIS
@CIDC_Ops
18 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🔥 PATCH ALERT – Critical Cisco FMC RCE CVE-2025-20265 → unauthenticated remote code execution when RADIUS is enabled on FMC 7.0.7 / 7.7.0. ⚠️ Severity: CVSS 10.0 (max) 🛡 Fix: Patch immediately. 🚫 Workaround: Disable RADIUS → use local, LDAP, or SAML unt
@Newtalics
17 Aug 2025
56 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Cisco Secure Firewall – CVSS 10.0 Critical Vulnerability A critical flaw (CVE-2025-20265, CVSS 10.0) has been found in Cisco Secure Firewall Management Center (FMC): https://t.co/dZV004dtbE
@_0b1d1
16 Aug 2025
1240 Impressions
8 Retweets
22 Likes
8 Bookmarks
1 Reply
0 Quotes
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265) https://t.co/5Qnza7TYGR #patchmanagement
@eyalestrin
16 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE vulnerability CVE-2025-20265 in RADIUS authentication in CISCO Secure Firewall Management Center with CVSS 3.1 out of 10.0. https://t.co/3eF0MHu2Yf
@etguenni
16 Aug 2025
168 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco warns of a critical RCE vulnerability (CVE-2025-20265) in Secure Firewall Management Center’s RADIUS subsystem, affecting versions 7.0.7 and 7.7.0. #Security https://t.co/ZOz5KedPIV
@Strivehawk
15 Aug 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-20265 in Cisco FMC gets a CVSS 10.0 rating. Attackers can run commands without logging in if RADIUS is enabled. Affected: v7.0.7 & v7.7.0. ✅ Patch now to protect your network. https://t.co/T83ZVJgLS6 #CyberSecurity #Cisco #FMC #CVE2025265 #InfoSec https://t.c
@BusPCsupport
15 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Fallo crítico en Cisco Secure FMC permite ejecución remota sin credenciales Cisco alertó sobre CVE-2025-20265. Es una vulnerabilidad de inyección de comandos con severidad 10/10. Permite a atacantes no autenticados ejecutar comandos de alto privilegio en Cisco Sec
@CycuraMX
15 Aug 2025
1413 Impressions
16 Retweets
37 Likes
8 Bookmarks
0 Replies
0 Quotes
Critical Cisco FMC RADIUS vulnerability (CVE-2025-20265) enables unauthenticated RCE with CVSS 10.0. Affects releases 7.0.7 & 7.7.0 with RADIUS auth enabled. Patch immediately. #Cisco #RCE #CriticalVuln https://t.co/P6phd1KCvy
@SRA_ThreatWatch
15 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Patches Critical FMC RADIUS Flaw (CVE-2025-20265) with CVSS 10.0 Rating #Cisco #CyberSecurity #Vulnerability #PatchNow #CVE202520265 #FirewallSecurity #NetworkSecurity #Infosec #RCE #SecurityUpdate https://t.co/pWZR41xDOE
@cyashadotcom
15 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco alerts on critical RCE flaw (CVE-2025-20265) in Secure Firewall Management Center versions 7.0.7 & 7.7.0 with RADIUS enabled. Patches released; disabling RADIUS advised if patches can't be applied. #CiscoFirewall #RADIUSFlaw #USA https://t.co/uLu6LoB1Fn
@TweetThreatNews
15 Aug 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - August 15, 2025 1. Cisco has issued patches for a critical vulnerability (CVE-2025-20265, CVSS 10.0) in its Secure Firewall Management Center (FMC) Software, which stems from a flaw in the RADIUS subsystem. Source: The Hacker News,
@NewsNerdie
15 Aug 2025
57 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20265 — Critical RCE in Cisco Secure Firewall Management Center (CVSS 10). Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0 🔍 https://t.co/DBdkYZMm8e | ℹ️ https://t.co/DVgMpngIC4 #cve https://t.co
@Netlas_io
15 Aug 2025
474 Impressions
1 Retweet
12 Likes
1 Bookmark
0 Replies
0 Quotes
Critical flaw (CVE-2025-20265) in Secure Firewall Management Center lets remote attackers run high-privilege commands via RADIUS auth. 🎯 Affected: FMC 7.0.7 & 7.7.0 w/ RADIUS enabled ⚠️ No workaround – Patch now Multiple other high-severity Cisco bugs fixed. #Cisco h
@CSec88
15 Aug 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أصدرت شركة سيسكو تحديثات أمان لمعالجة ثغرة خطيرة في برنامج إدارة جدار الحماية (FMC) قد تسمح لمهاجم بتنفيذ تعليمات برمجية عشوائية على الأنظمة المتأثرة. ا
@Cybercachear
15 Aug 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-20265 (CVSS: 10) affects Cisco Secure Firewall Management Center! A flaw in RADIUS auth lets attackers slip in crafted inputs, potentially executing HIGH-PRIVILEGE commands remotely. Search by vul.cve Filter👉vul.cve="CVE-2025-20265" ZoomEye Dork👉app="Cisc
@zoomeye_team
15 Aug 2025
1034 Impressions
5 Retweets
16 Likes
5 Bookmarks
0 Replies
1 Quote
🚨🚨CVE-2025-20265 (CVSS: 10) affects Cisco Secure Firewall Management Center! A flaw in RADIUS auth lets attackers slip in crafted inputs, potentially executing HIGH-PRIVILEGE commands remotely. Search by vul.cve Filter👉vul.cve="CVE-2025-20265" ZoomEye Dork👉app="Cisc
@zoomeye_team
15 Aug 2025
128 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Cisco Secure Firewall Management Center (FMC)にCVSSスコア10の脆弱性。CVE-2025-20265はRADIUSサブシステムの実装不備に起因する任意シェルコマンドインジェクション。RADIUS認証がWeb管理IFかSSH管理で有効な場合にのみ脆弱。修
@__kokumoto
15 Aug 2025
1157 Impressions
4 Retweets
13 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-20265: CRITICAL RCE flaw in Cisco Firepower Management Center (7.0.7 & 7.7.0). Unauth attackers can run shell commands with high privileges. Patch ASAP or disable RADIUS auth! https://t.co/R2UIgcELvj... https://t.co/18YjmI2TwM
@offseq
15 Aug 2025
85 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yet another max score vuln 🥹 🟥 CVE-2025-20265, CVSS: 10.0 (#Critical, #Highest) Cisco Secure Firewall Management Center (FMC) Software A critical vulnerability in the RADIUS subsystem. Unauthenticated remote attackers can inject arbitrary shell commands due to improper
@UjlakiMarci
14 Aug 2025
22465 Impressions
60 Retweets
183 Likes
95 Bookmarks
5 Replies
5 Quotes
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265) #Cisco #CiscoSecureFirewallManagementCenter #CVE202520265 #CyberSecurity #RemoteCodeExecutionVulnerability https://t.co/YG157XvMs9
@SystemTek_UK
14 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-20265: CRITICAL] Cisco Secure FMC Software is vulnerable to remote code execution due to insufficient input validation. Attackers could inject commands via RADIUS, compromising system security.#cve,CVE-2025-20265,#cybersecurity https://t.co/iiuNJu5Mgu https://t.co/7XK8p
@CveFindCom
14 Aug 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44D21149-BF7B-4188-A336-49AA5683BDC1"
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BBDBCE8-CD5E-48BD-B61B-A36376C5A585"
}
],
"operator": "OR"
}
]
}
]