Cisco has issued a warning about a critical remote code execution vulnerability (CVE-2025-20265) in its Secure Firewall Management Center (FMC) software that can allow remote attackers to execute arbitrary commands. The company has released patches and recommends disabling RADIUS authentication if unable to update immediately.
Key points
- Cisco issues a security alert for a high-severity RCE flaw in FMC software.
- The vulnerability affects versions 7.0.7 and 7.7.0 when RADIUS is enabled.
- An attacker can exploit this flaw through specially crafted credential inputs during authentication.
- Cisco recommends installing patches or disabling RADIUS authentication as mitigation.
- Other associated security flaws have also been patched, with no known active exploits for the RCE vulnerability.