Cisco Patches Maximum-Severity Firewall Flaw

Cisco Secure Firewall Management Centers Connected to RADIUS Left Vulnerable Pooja Tikekar (@PoojaTikekar) • August 18, 2025

Networking equipment giant Cisco warned firewall customers to patch after discovering a maximum-severity vulnerability that could allow unauthenticated hackers to commandeer the server.

See Also: OnDemand | Hybrid Mesh Firewalls and Microsoft Azure, Extending Your Network Security to the Cloud

The flaw, tracked as CVE-2025-20265, affects instances of Cisco Secure Firewall Management Center that use a RADIUS server for user authentication. The vulnerability is triggered by the improper handling of user input during authentication, Cisco said Thursday.

The flaw rates a maximum score of 10 on the CVSS system. A "successful exploit could allow the attacker to execute commands at a high privilege level," the company warned.

Cisco touts its Firewall Management Center as a centralized mechanism for managing Cisco firewalls deployed across a large enterprise. The vulnerability affects versions 7 ...