Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole
theregister.co.uk

Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary shell commands on vulnerable systems.
The vulnerability, tracked as CVE-2025-20265, received a critical 10.0 CVSS rating. It's caused by improper handling of user input by FMC's RADIUS authentication subsystem during the login process. Exploitation is possible only if FMC is configured to use RADIUS authentication for the web-based management interface, SSH management, or both.
Cisco FMC is a centralized management platform for the vendor's network security products, including firewalls, intrusion prevention systems, URL filtering, and anti-malware tools. It's used by large enterprises, managed service providers (MSPs), government agencies, and educational institutions to manage their networks. RADIUS is an external authentication protocol used to verify users' credentials.
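To make the bug class concrete (login input that reaches a shell during RADIUS authentication), here is an added illustration of the vulnerable pattern beside a hardened one. It is hypothetical code written for this page, not Cisco's code, and it does not claim to show the actual FMC mechanism behind CVE-2025-20265; `radius_client` and the helper names are assumptions.

```python
import re
import shlex
import subprocess
from typing import Callable, List, Optional, Sequence

# Conservative allowlist for login names; anything else is refused before any
# authentication work happens. (Constructed for this illustration.)
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def vulnerable_login_cmd(username: str, password: str) -> str:
    # Vulnerable pattern: untrusted login fields are interpolated into a
    # command string destined for "sh -c", so shell metacharacters in the
    # username change what the shell executes. Returned for inspection only;
    # nothing here runs it.
    return f"radius_client --user {username} --pass {password}"

def hardened_login_argv(username: str) -> List[str]:
    # Hardened pattern: validate against the allowlist, then build an argv
    # list so the username is handed to execve() as one literal argument and
    # no shell ever parses it. The secret is deliberately kept out of argv
    # (process listings are world-readable) and sent over stdin instead.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected: character outside allowlist")
    return ["radius_client", "--user", username, "--pass-stdin"]

def shell_sensitive(value: str) -> bool:
    # Defender-side check: shlex.quote returns its input unchanged only when
    # no POSIX shell metacharacter is present, so any change means sh would
    # interpret the value rather than take it literally.
    return shlex.quote(value) != value

def authenticate(username: str, password: str,
                 runner: Optional[Callable[[Sequence[str], str], int]] = None) -> bool:
    # Authentication front end using the hardened path. The runner is
    # injectable so the control flow can be exercised without the (assumed)
    # external radius_client binary being installed.
    argv = hardened_login_argv(username)
    if runner is None:
        def runner(a: Sequence[str], secret: str) -> int:
            # shell=False: argv goes straight to execve, never through sh.
            proc = subprocess.run(list(a), input=secret.encode(), shell=False)
            return proc.returncode
    return runner(argv, password) == 0
```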
"An attacker could exploit this vulnerability by sending crafted input when entering ...
Copyright of this story solely belongs to theregister.co.uk.