Overview

• CVE-2025-20265 is a CVSS 10.0 vulnerability in the RADIUS subsystem of Secure Firewall Management Center software that allows unauthenticated remote attackers to inject arbitrary shell commands.
• The flaw impacts only FMC releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled and does not affect ASA or FTD products.
• Cisco has issued patches and a software checker tool to help customers identify and remediate vulnerable instances immediately.
• Cisco’s Product Security Incident Response Team reports no evidence of in-the-wild exploitation and credits security researcher Brandon Sakai for the internal discovery.
• Customers unable to install updates right away are advised to disable RADIUS authentication or switch to local, LDAP or SAML methods as a temporary mitigation.