The vulnerability allowed attackers to inject arbitrary shell commands into systems.
Cisco has patched a very serious bug in its Secure Firewall Management Center (FMC) software. The bug receives a critical CVSS score of ten out of ten. According to the security advisory, the vulnerability has not been actively exploited.
Logging in Becomes Dangerous
Cisco is a centralized management platform for the vendor’s network security products, including firewalls, intrusion prevention systems, URL filtering, and anti-malware tools. It is used by MSPs, government agencies, and educational institutions to manage their networks.
The vulnerability (CVE-2025-20265) is caused by improper processing of user input by the RADIUS authentication system during login to FMC. This occurs only in the web management interface, SSH management, or both. RADIUS is an external authentication protocol used to verify user credentials. “A successful exploit would allow the attacker to execute commands with a high privilege level,” according to the security advisory.
No Workaround Available
Cisco advises all users to install the latest security patch as soon as possible, as no workaround is available. However, it’s not uncommon for Cisco to discover serious vulnerabilities in its systems. Late last year, Cisco also faced a bug with a CVSS score of ten out of ten. Two other vulnerabilities scored 9.8 and affected the Cisco Smart Licensing Utility.