Cisco warns of worrying major security flaw in firewall command center, so patch now
Cisco says it patched a 10/10 severity flaw, so update now

- Cisco found a 10/10 flaw in Secure Firewall Management Center
- It released a patch and advised on possible mitigations
- No evidence of in-the-wild abuse so far, but users should still be on guard
Cisco recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product, and urged users to apply either the patch or the mitigation as soon as possible.
FMC is the centralized platform for configuring, monitoring, and analyzing Cisco Secure Firewalls, where administrators manage policies, track threat intelligence, and monitor the firewalls they manage from one console.
According to Cisco's new security advisory, the vulnerability lies in the RADIUS subsystem implementation of FMC. RADIUS (Remote Authentication Dial-In User Service) is a protocol used to authenticate, authorize, and account for FMC administrators and VPN users by handing the login off to an external authentication server.
Fixes and mitigations
Cisco describes the flaw as improper handling of user input during the authentication phase, which could allow an unauthenticated, remote attacker to inject arbitrary shell commands that the FMC appliance then executes.
In practice, the attacker would send crafted input in place of credentials at the login prompt. The caveat is that the bug is only exploitable when FMC is configured to use RADIUS authentication for the web-based management interface, for SSH, or for both; deployments that authenticate administrators some other way are not exposed to it.
The bad news is that, according to BleepingComputer, this configuration is "commonly used" in enterprise and government networks, where administrators want centralized login control and accounting for network device access. The attack surface could therefore be sizeable, and the potential victims high-profile.
The vulnerability is now tracked as CVE-2025-20265 and carries a maximum severity score of 10/10 (critical).
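To make the bug class concrete, the following is an added, constructed illustration of how untrusted login input turns into shell command injection, and how the same call is written safely. It is not Cisco's code and does not reproduce the internals of CVE-2025-20265, which Cisco has not published; the helper names, the `echo` stand-in utility, the allowlist regex and the sample payload are all assumptions made for the example.

```python
"""Shell-command injection via an authentication path: vulnerable form
beside the hardened form. Constructed example, not Cisco's code."""
import re
import subprocess


def vulnerable_log_login(username: str) -> str:
    """Hypothetical login hook that records each attempt by invoking a
    system utility ('echo' stands in for the real one).

    BUG: the attacker-controlled username is interpolated into a shell
    command line, so shell metacharacters (; | & $( ) `) in the username
    are parsed as new commands and run with the hook's privileges.
    """
    cmd = f"echo login attempt for {username}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_log_login(username: str) -> str:
    """FIX: never hand untrusted text to a shell. The username travels as a
    single argv element, so the utility receives it as literal text and
    metacharacters are inert."""
    argv = ["echo", "login attempt for", username]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


# Assumed allowlist for this example. Real RADIUS deployments may need a
# wider character set; the point is to validate before any privileged call.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def validate_username(username: str) -> str:
    """Defence in depth: reject anything outside the allowlist before it
    reaches the authentication subsystem at all."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains disallowed characters")
    return username


def hardened_login_path(username: str) -> str:
    """Validate first, then call without a shell."""
    return safe_log_login(validate_username(username))


def demo() -> dict:
    # Constructed attacker-controlled username: a valid-looking name followed
    # by a second command. With the vulnerable hook, 'id' actually runs.
    payload = "bob; id"
    return {
        "vulnerable_ran_injected_command": "uid=" in vulnerable_log_login(payload),
        "safe_output": safe_log_login(payload),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function prints the login line and then the output of `id`, because `sh -c` splits the string on the `;`. The argv form prints the literal text `login attempt for bob; id` and nothing else. Running on a POSIX system with `/bin/sh`, `echo` and `id` available is assumed.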
Cisco has released a patch to fix the issue, and said that customers who cannot apply it should disable RADIUS authentication on FMC and switch to another method, such as local user accounts or external LDAP. The company noted that this mitigation was successful in its own test environment, but warned customers to confirm that it is applicable and effective in their own deployments before relying on it. Since moving off RADIUS also removes the centralized login control and accounting it was deployed for, the mitigation is best treated as a stopgap until the fixed release is installed.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.