Cisco Secure Firewall Vulnerability Lets Attackers Execute Remote Shell Commands
gbhackersCisco has disclosed a critical security vulnerability in its Secure Firewall Management Center software that could allow unauthenticated attackers to remotely execute shell commands with elevated privileges.
The flaw, tracked as CVE-2025-20265, carries a maximum CVSS score of 10.0 and affects organizations using RADIUS authentication for their firewall management interfaces.
Critical Remote Code Execution Flaw Discovered
The vulnerability resides in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software, specifically affecting versions 7.0.7 and 7.7.0.
Security researchers identified that improper handling of user input during the authentication phase creates an opportunity for command injection attacks.
| Attribute | Details |
| CVE ID | CVE-2025-20265 |
| CVSS Score | 10.0 (Critical) |
| CWE | CWE-74 (Command Injection) |
Attackers can exploit this weakness by sending specially crafted credentials during the RADIUS authentication process, potentially gaining high-level system access without any prior authentication.
The vulnerability’s critical rating reflects its severe potential ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE