Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html

ONE SENTENCE SUMMARY:

Cisco released security updates to fix critical vulnerabilities in Secure Firewall Management Center Software, including a severe RADIUS subsystem flaw.

MAIN POINTS:

1. Cisco released updates for a critical flaw in Secure Firewall Management Center Software.
2. The flaw, CVE-2025-20265, has a CVSS score of 10.0.
3. An attacker could inject arbitrary shell commands via the RADIUS subsystem.
4. Proper user input handling was lacking, leading to potential high-privilege command execution.
5. The vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 with RADIUS enabled.
6. No workarounds exist except applying Cisco’s provided patches.
7. Other high-severity vulnerabilities (CVSS 8.6 – 7.7) have also been resolved.
8. These involve various denial-of-service vulnerabilities across several Cisco software components.
9. No active exploitation of these flaws has been reported so far.
10. Users are advised to update to the latest software version promptly.

TAKEAWAYS:

1. Immediate patching is crucial to prevent potential exploits of the critical RADIUS vulnerability.
2. Cisco has addressed multiple high-severity vulnerabilities alongside the critical one.
3. Lack of active exploitations doesn’t negate the urgency of applying updates.
4. Regular security updates are vital for maintaining network security integrity.
5. Monitoring and quick response to security advisories can significantly reduce risk exposure.