August 15, 2025 — Cisco has announced a severe security flaw in its Secure Firewall Management Center (FMC) Software, highlighting a critical remote code execution (RCE) vulnerability, CVE-2025-20265, with a maximum CVSS score of 10.0. Customers are strongly advised to update their systems immediately to prevent potential exploitation.

The vulnerability resides in the RADIUS authentication system within Cisco FMC. If exploited, an unauthenticated attacker could remotely inject and execute arbitrary shell commands on the affected devices. RADIUS is widely used in Cisco networks to authenticate users and manage access to network resources securely.

According to Cisco, the flaw stems from improper handling of user input during the authentication process. Attackers can send specially crafted credentials to a configured RADIUS server, allowing them to execute commands with elevated privileges. The issue affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled.

How to Mitigate the Risk

Cisco has released a free software update to patch the vulnerability. Organizations with active service contracts should obtain the update through their standard channels.

While there are no direct workarounds, Cisco notes that the vulnerability can only be exploited if RADIUS authentication is enabled. As a temporary mitigation, administrators can switch to alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO) until the patch is applied.

This disclosure is part of a broader Cisco security update encompassing 21 advisories, which cover 29 vulnerabilities across Cisco Secure Firewall ASA, FMC, and FTD Software.

Broader Context of Cisco Exploits

Cisco products have faced increasing scrutiny in 2025. In July, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical flaws in Cisco Identity Services Engine (ISE) to its Known Exploited Vulnerabilities (KEV) catalog. Earlier in March, CISA ordered federal agencies to patch a command injection vulnerability in Cisco Small Business RV Series routers.

Furthermore, in February, Cisco revealed that Chinese state-sponsored actor Salt Typhoon compromised US telecom providers by exploiting Cisco devices using a custom utility named JumbledPath.

Organizations relying on Cisco FMC software should prioritize immediate patching and consider reviewing authentication configurations to reduce exposure to this critical RCE vulnerability.

Source: https://www.infosecurity-magazine.com/news/cisco-critical-rce-flaw-firewall