Particle.news

Download on the App Store

Cisco Urges Customers to Patch Critical RADIUS Flaw in Firewall Management Center

Cisco’s emergency updates combined with a detection tool arrive after the company disclosed a maximum-severity RCE flaw that permits unauthenticated shell command injection.

Overview

  • CVE-2025-20265 is a CVSS 10.0 vulnerability in the RADIUS subsystem of Secure Firewall Management Center software that allows unauthenticated remote attackers to inject arbitrary shell commands.
  • The flaw impacts only FMC releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled and does not affect ASA or FTD products.
  • Cisco has issued patches and a software checker tool to help customers identify and remediate vulnerable instances immediately.
  • Cisco’s Product Security Incident Response Team reports no evidence of in-the-wild exploitation and credits security researcher Brandon Sakai for the internal discovery.
  • Customers unable to install updates right away are advised to disable RADIUS authentication or switch to local, LDAP or SAML methods as a temporary mitigation.