The vulnerability, tracked as CVE-2025-20265, received the maximum Common Vulnerability Scoring System (CVSS) score of 10.0, indicating its severe nature and potential for widespread exploitation.
The security flaw resides in the RADIUS subsystem implementation of Cisco Secure FMC Software, specifically affecting how the system handles user input during the authentication phase.
According to Cisco’s security advisory, published on August 14, 2025, the vulnerability stems from the improper handling of user credentials processed for RADIUS server authentication.
An attacker can exploit this vulnerability by sending specially crafted input when entering login credentials, allowing them to inject malicious shell commands that execute with high privilege levels on the target device.
The attack requires no prior authentication, making it particularly dangerous as it provides a direct pathway for remote system compromise.
The vulnerability is catalogued under Cisco Bug ID CSCwo91250 and falls under the Common Weakness Enumeration (CWE-74) category, which relates to improper neutralization of special elements in output used by a downstream component.
The vulnerability specifically impacts Cisco Secure FMC Software versions 7.0.7 and 7.7.0, but only when RADIUS authentication is enabled for either the web-based management interface, SSH management, or both.
Systems not configured with RADIUS authentication remain unaffected by this security issue.
Importantly, Cisco confirmed that other firewall products, including Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, are not vulnerable to this particular flaw.
Cisco has released software updates that completely address the vulnerability, with no workarounds available for affected systems.
However, organizations can mitigate the risk by temporarily disabling RADIUS authentication and switching to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO).
The security advisory emphasizes that customers should evaluate the applicability and effectiveness of any mitigation strategies within their specific network environments, as changes to authentication methods may impact functionality or performance.
This disclosure is part of Cisco’s August 2025 Semiannual Security Advisory Bundled Publication for Secure Firewall products, highlighting the company’s ongoing commitment to proactive vulnerability disclosure and remediation.
Organizations using affected Cisco FMC systems should immediately assess their configurations and apply available security updates.
Those with RADIUS authentication enabled should prioritize patching efforts given the critical nature of this vulnerability and the potential for remote code execution without authentication requirements.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post Critical Cisco Secure Firewall Flaw Enables Remote Shell Command Injection appeared first on Cyber Security News.
All eight episodes of Ted Season 2 debut on March 5 on Peacock. As soon…
In the ever-evolving world of malvertising, where bad actors continually refine their techniques, a new…
Retired Concord Circuit Court Judge Gerard Boyle has been nominated to be the next settlement…
Salisbury residents will be voting on a number of issues and candidates on March 10,…
Christopher Ellms Jr. received a 4-1 vote from the executive council on Wednesday to become…
Merrimack Valley voters will cast their ballots on March 5 in four School Board races,…
This website uses cookies.