CVE-2025-20306
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-25
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_management_center | 6.2.3 |
| cisco | secure_firewall_management_center | 6.2.3.1 |
| cisco | secure_firewall_management_center | 6.2.3.2 |
| cisco | secure_firewall_management_center | 6.2.3.3 |
| cisco | secure_firewall_management_center | 6.2.3.4 |
| cisco | secure_firewall_management_center | 6.2.3.5 |
| cisco | secure_firewall_management_center | 6.2.3.6 |
| cisco | secure_firewall_management_center | 6.2.3.7 |
| cisco | secure_firewall_management_center | 6.2.3.8 |
| cisco | secure_firewall_management_center | 6.2.3.9 |
| cisco | secure_firewall_management_center | 6.2.3.10 |
| cisco | secure_firewall_management_center | 6.2.3.11 |
| cisco | secure_firewall_management_center | 6.2.3.12 |
| cisco | secure_firewall_management_center | 6.2.3.13 |
| cisco | secure_firewall_management_center | 6.2.3.14 |
| cisco | secure_firewall_management_center | 6.2.3.15 |
| cisco | secure_firewall_management_center | 6.2.3.16 |
| cisco | secure_firewall_management_center | 6.2.3.17 |
| cisco | secure_firewall_management_center | 6.2.3.18 |
| cisco | secure_firewall_management_center | 6.4.0 |
| cisco | secure_firewall_management_center | 6.4.0.1 |
| cisco | secure_firewall_management_center | 6.4.0.2 |
| cisco | secure_firewall_management_center | 6.4.0.3 |
| cisco | secure_firewall_management_center | 6.4.0.4 |
| cisco | secure_firewall_management_center | 6.4.0.5 |
| cisco | secure_firewall_management_center | 6.4.0.6 |
| cisco | secure_firewall_management_center | 6.4.0.7 |
| cisco | secure_firewall_management_center | 6.4.0.8 |
| cisco | secure_firewall_management_center | 6.4.0.9 |
| cisco | secure_firewall_management_center | 6.4.0.10 |
| cisco | secure_firewall_management_center | 6.4.0.11 |
| cisco | secure_firewall_management_center | 6.4.0.12 |
| cisco | secure_firewall_management_center | 6.4.0.13 |
| cisco | secure_firewall_management_center | 6.4.0.14 |
| cisco | secure_firewall_management_center | 6.4.0.15 |
| cisco | secure_firewall_management_center | 6.4.0.16 |
| cisco | secure_firewall_management_center | 6.4.0.17 |
| cisco | secure_firewall_management_center | 6.4.0.18 |
| cisco | secure_firewall_management_center | 6.6.0 |
| cisco | secure_firewall_management_center | 6.6.0.1 |
| cisco | secure_firewall_management_center | 6.6.1 |
| cisco | secure_firewall_management_center | 6.6.3 |
| cisco | secure_firewall_management_center | 6.6.4 |
| cisco | secure_firewall_management_center | 6.6.5 |
| cisco | secure_firewall_management_center | 6.6.5.1 |
| cisco | secure_firewall_management_center | 6.6.5.2 |
| cisco | secure_firewall_management_center | 6.6.7 |
| cisco | secure_firewall_management_center | 6.6.7.1 |
| cisco | secure_firewall_management_center | 6.6.7.2 |
| cisco | secure_firewall_management_center | 7.0.0 |
| cisco | secure_firewall_management_center | 7.0.0.1 |
| cisco | secure_firewall_management_center | 7.0.1 |
| cisco | secure_firewall_management_center | 7.0.1.1 |
| cisco | secure_firewall_management_center | 7.0.2 |
| cisco | secure_firewall_management_center | 7.0.2.1 |
| cisco | secure_firewall_management_center | 7.0.3 |
| cisco | secure_firewall_management_center | 7.0.4 |
| cisco | secure_firewall_management_center | 7.0.5 |
| cisco | secure_firewall_management_center | 7.0.6 |
| cisco | secure_firewall_management_center | 7.0.6.1 |
| cisco | secure_firewall_management_center | 7.0.6.2 |
| cisco | secure_firewall_management_center | 7.0.6.3 |
| cisco | secure_firewall_management_center | 7.0.7 |
| cisco | secure_firewall_management_center | 7.1.0 |
| cisco | secure_firewall_management_center | 7.1.0.1 |
| cisco | secure_firewall_management_center | 7.1.0.2 |
| cisco | secure_firewall_management_center | 7.1.0.3 |
| cisco | secure_firewall_management_center | 7.2.0 |
| cisco | secure_firewall_management_center | 7.2.0.1 |
| cisco | secure_firewall_management_center | 7.2.1 |
| cisco | secure_firewall_management_center | 7.2.2 |
| cisco | secure_firewall_management_center | 7.2.3 |
| cisco | secure_firewall_management_center | 7.2.3.1 |
| cisco | secure_firewall_management_center | 7.2.4 |
| cisco | secure_firewall_management_center | 7.2.4.1 |
| cisco | secure_firewall_management_center | 7.2.5 |
| cisco | secure_firewall_management_center | 7.2.5.1 |
| cisco | secure_firewall_management_center | 7.2.5.2 |
| cisco | secure_firewall_management_center | 7.2.6 |
| cisco | secure_firewall_management_center | 7.2.7 |
| cisco | secure_firewall_management_center | 7.2.8 |
| cisco | secure_firewall_management_center | 7.2.8.1 |
| cisco | secure_firewall_management_center | 7.2.9 |
| cisco | secure_firewall_management_center | 7.3.0 |
| cisco | secure_firewall_management_center | 7.3.1 |
| cisco | secure_firewall_management_center | 7.3.1.1 |
| cisco | secure_firewall_management_center | 7.3.1.2 |
| cisco | secure_firewall_management_center | 7.4.0 |
| cisco | secure_firewall_management_center | 7.4.1 |
| cisco | secure_firewall_management_center | 7.4.1.1 |
| cisco | secure_firewall_management_center | 7.4.2 |
| cisco | secure_firewall_management_center | 7.4.2.1 |
| cisco | secure_firewall_management_center | 7.4.2.2 |
| cisco | secure_firewall_management_center | 7.6.0 |
| cisco | secure_firewall_management_center | 7.7.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. It allows an authenticated remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system by exploiting insufficient input validation of certain HTTP request parameters. The attacker must authenticate to the interface and send a specially crafted HTTP request to exploit this issue, potentially executing commands as the root user.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with Administrator-level access to execute arbitrary commands on the device's operating system as the root user. This could lead to unauthorized control over the device, potentially compromising the security and integrity of the firewall management system and the network it protects.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70