CVE-2025-20265
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-14
Last Modified
2025-08-16
Generated
2026-05-27
AI Q&A
2025-08-14
EPSS Evaluated
2026-05-25
NVD
CVE-2025-20265
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco secure_firewall_management_center 7.0.7
cisco secure_firewall_management_center 7.7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the RADIUS subsystem of Cisco Secure Firewall Management Center (FMC) Software. It allows an unauthenticated remote attacker to inject arbitrary shell commands that the device will execute. The issue arises from improper handling of user input during the authentication phase. An attacker can exploit this by sending specially crafted input when providing credentials to the RADIUS server, potentially executing commands with high privileges on the device. This requires the FMC to be configured to use RADIUS authentication for its web-based or SSH management interfaces.


How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker to execute arbitrary commands on the affected device with high privileges without authentication. This could lead to full compromise of the device, unauthorized access, disruption of services, data theft, or further attacks within the network.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, immediately disable RADIUS authentication on Cisco Secure Firewall Management Center (FMC) Software if it is currently enabled for the web-based management interface or SSH management. Alternatively, apply any available security updates or patches from Cisco that address this vulnerability. Additionally, restrict network access to the management interfaces to trusted hosts only until a patch is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart