Cisco Alerts on Critical CVSS 10.0 RADIUS Vulnerability in Secure Firewall Management Center

August 15, 2025


Cisco has issued urgent patches for a critical vulnerability in its Secure Firewall Management Center (FMC) software, rated the highest possible severity (CVSS score: 10.0). If exploited, the flaw could enable remote attackers to run arbitrary code on vulnerable systems.

Tracked as CVE-2025-20265, the issue lies in the RADIUS subsystem of FMC. An unauthenticated attacker could send specially crafted credentials that inject shell commands, which the system would then execute.

The root cause is improper validation of user-supplied input during the authentication process. This makes it possible for a threat actor to deliver malicious input during login that is processed by the configured RADIUS server. Cisco notes that a successful attack could lead to high-privilege command execution.

This vulnerability affects only FMC versions 7.0.7 and 7.7.0, and only when RADIUS authentication is enabled for the web management interface, SSH access, or both. There are no workarounds—customers must install Cisco’s provided security updates. The vulnerability was discovered internally by Cisco’s Brandon Sakai during security testing.
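The advisory describes the bug class only in outline: a credential supplied at login reaches a command that a shell interprets. The block below is an added illustration of that class written for this article; it is hypothetical demonstration code, not Cisco FMC code, and makes no claim about how the FMC RADIUS subsystem is actually implemented. The helper path `/usr/bin/radius-auth-helper`, the username allowlist, the `key=value` log format and the sample log lines are all constructed for the example. It shows the unsafe interpolation pattern beside the hardened form (allowlist validation plus argv passing with no shell), proves with a child process that metacharacters arrive as literal data when no shell is involved, and runs a simple detection pass over sample login records so a defender can triage RADIUS-backed web or SSH logins on hosts that are still awaiting the patch.

```python
"""Illustration of the bug class behind CVE-2025-20265: credential
material reaching a shell-interpreted command. Hypothetical code written
for this article; it is not Cisco FMC code and makes no claim about how
the FMC RADIUS subsystem is implemented."""
import re
import subprocess
import sys

# Strict allowlist for usernames on the hypothetical login path
# (constructed for this example; derive yours from the identity store's
# naming policy).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Characters a POSIX shell would interpret; used for detection only.
_SHELL_META = set(";|&$`<>(){}\n\r'\"\\")

# Hypothetical path of an external helper the login path would call.
_HELPER = "/usr/bin/radius-auth-helper"


def username_is_valid(username: str) -> bool:
    """True only when the username matches the allowlist exactly."""
    return _USERNAME_RE.fullmatch(username) is not None


def contains_shell_metachars(value: str) -> bool:
    """True if the value carries characters a shell would act on."""
    return any(ch in _SHELL_META for ch in value)


def build_command_vulnerable(username: str) -> str:
    """The unsafe pattern: untrusted input interpolated into a shell
    string. Returned as text only; never executed in this example."""
    return f"{_HELPER} --user '{username}'"


def build_command_hardened(username: str) -> list[str]:
    """The safe pattern: reject anything outside the allowlist, then pass
    the value as one argv element so no shell ever parses it."""
    if not username_is_valid(username):
        raise ValueError("username rejected by allowlist")
    return [_HELPER, "--user", username]


def argv_roundtrip(value: str) -> str:
    """Show what argv passing does with hostile input: a child Python
    process prints sys.argv[1] back, and the metacharacters arrive as
    literal data because no shell is involved (shell=False)."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


# Constructed sample log lines in a hypothetical "key=value" format.
SAMPLE_LOG = """\
2025-08-15T09:58:01Z auth=radius iface=web user="alice" result=ok
2025-08-15T09:58:07Z auth=radius iface=ssh user="bob.smith@corp" result=fail
2025-08-15T09:58:12Z auth=radius iface=web user="x'; id #" result=fail
2025-08-15T09:58:15Z auth=radius iface=ssh user="$(uname -a)" result=fail
"""

_USER_FIELD = re.compile(r'user="([^"]*)"')


def flag_suspicious_logins(log_text: str) -> list[str]:
    """Return the user values from login records that fail the allowlist
    or carry shell metacharacters: a cheap triage signal for RADIUS-backed
    web/SSH logins on hosts awaiting the patch."""
    flagged = []
    for line in log_text.splitlines():
        m = _USER_FIELD.search(line)
        if m is None:
            continue
        user = m.group(1)
        if not username_is_valid(user) or contains_shell_metachars(user):
            flagged.append(user)
    return flagged


if __name__ == "__main__":
    for u in flag_suspicious_logins(SAMPLE_LOG):
        print("suspicious login attempt:", repr(u))
```

The validation step and the argv step are deliberately independent: the allowlist stops unexpected input early and gives you something to alert on, while argv passing means that even an input that slips past validation is handed to the helper as data rather than parsed by a shell. Neither replaces installing Cisco's fix on affected FMC versions.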

Other Resolved High-Severity Issues

In addition to CVE-2025-20265, Cisco addressed several other vulnerabilities, most with CVSS scores of 8.5–8.6, including:

  • CVE-2025-20217 – Denial-of-Service in Snort 3 for Cisco Secure Firewall Threat Defense Software.

  • CVE-2025-20222 – IPv6 over IPsec DoS in ASA and Secure Firewall Threat Defense for Firepower 2100 Series.

  • CVE-2025-20224 / 20225 / 20239 – IKEv2 DoS in Cisco IOS, IOS XE, ASA, and Threat Defense Software.

  • CVE-2025-20133 / 20243 – Remote Access SSL VPN DoS in ASA and Threat Defense Software.

  • CVE-2025-20134 – SSL/TLS Certificate DoS in ASA and Threat Defense Software.

  • CVE-2025-20136 – NAT DNS Inspection DoS in ASA and Threat Defense Software.

  • CVE-2025-20263 – Web Services DoS in ASA and Threat Defense Software.

  • CVE-2025-20148 – HTML Injection in FMC Software.

  • CVE-2025-20251 – VPN Web Server DoS in ASA and Threat Defense Software.

  • CVE-2025-20127 – TLS 1.3 Cipher DoS in Firepower 3100 and 4200 Series.

  • CVE-2025-20244 – Remote Access VPN Web Server DoS in ASA and Threat Defense Software.

While Cisco reports no evidence of these flaws being exploited in active attacks, the company advises prompt patching, as networking equipment is a frequent target for threat actors.
