Overview
- CVE-2025-20265 is a CVSS 10.0 vulnerability in the RADIUS subsystem of Cisco Secure Firewall Management Center (FMC) Software. Because user input is not handled properly during the RADIUS authentication phase, an unauthenticated remote attacker can submit crafted credentials and inject arbitrary shell commands that the device then executes at a high privilege level.
- The flaw affects only FMC releases 7.0.7 and 7.7.0, and only when RADIUS authentication is enabled for the web-based management interface, SSH management, or both; it does not affect Cisco Secure Firewall ASA or Secure Firewall Threat Defense (FTD) software. Confirm the running FMC release and the configured external authentication method before deciding that a deployment is or is not exposed.
- Cisco has issued free software updates that fix the vulnerability and provides the Cisco Software Checker so customers can confirm whether a given release is affected and identify the first fixed release to upgrade to.
- Cisco’s Product Security Incident Response Team (PSIRT) reports no public announcements or malicious use of the vulnerability; it was found by Brandon Sakai of Cisco during internal security testing.
- Customers unable to install the updates right away are advised to disable RADIUS authentication and switch to local user accounts, LDAP, or SAML single sign-on as a temporary mitigation; validate the replacement method and keep a working local administrator account so the change does not lock administrators out of the management interface.