Cisco FMC RADIUS Vulnerability Exposes Systems to Remote Code Execution

Cisco has issued urgent security patches for a critical Cisco FMC RADIUS vulnerability that received the maximum CVSS score of 10.0. The flaw, tracked as CVE-2025-20265, affects the RADIUS subsystem implementation in Secure Firewall Management Center (FMC) Software and could let an unauthenticated, remote attacker execute arbitrary code on the management appliance.

Details of the Cisco FMC RADIUS Vulnerability

The vulnerability stems from improper handling of user input during the authentication phase. An attacker can submit crafted input in place of credentials at the FMC login; that input is passed along the RADIUS authentication path without proper sanitization, allowing the injection of arbitrary shell commands that the FMC itself executes. Note that the command injection occurs on the FMC, not on the external RADIUS server: the RADIUS server is only the configured authentication source whose use enables the vulnerable code path.

Cisco warned that a successful exploit allows execution of commands at a high privilege level. For exploitation to be possible, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, for SSH management access, or for both; deployments that authenticate only against local accounts or other external sources are not exposed through this path.
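To make the bug class concrete, the following is an added example (not Cisco's code and not the FMC RADIUS implementation) of the pattern described above: credentials interpolated into a string that is later handed to a shell, beside the hardened form that passes each field as a separate argument and never invokes a shell. The command name `radtest`, the server name and the shared secret are made-up placeholders, and the `shell_command_count` helper only tokenises the string the way a POSIX shell would to show how many commands would run; it is a teaching aid, not a security control.

```python
"""
Added example: credential-to-shell command injection, vulnerable form beside
hardened form. Illustrative only; the RADIUS client invocation, server and
secret are hypothetical placeholders, not Cisco's implementation.
"""
import re
import shlex

RADIUS_SERVER = "radius.example.internal"   # placeholder, not a real host
SHARED_SECRET = "placeholder-secret"        # placeholder, never a real secret


def build_auth_command_vulnerable(username: str, password: str) -> str:
    # VULNERABLE PATTERN: the user-controlled username and password are
    # interpolated into one string that is later executed with a shell
    # (os.system(), subprocess.run(..., shell=True), popen()). The shell
    # interprets ; | & $() and similar metacharacters in either field, so a
    # "username" such as "; echo INJECTED" appends a second command.
    return f"radtest {username} {password} {RADIUS_SERVER} 0 {SHARED_SECRET}"


def build_auth_command_hardened(username: str, password: str) -> list[str]:
    # HARDENED: build an argv list and execute it with shell=False, so each
    # field reaches the program as exactly one argument and no shell ever
    # parses it. (Passing a password on a command line is still visible in
    # the process table; a real client should read it via stdin or an API.)
    return ["radtest", username, password, RADIUS_SERVER, "0", SHARED_SECRET]


def hardened_as_shell_string(username: str, password: str) -> str:
    # The quoted form a shell would need to reproduce the argv list exactly.
    return shlex.join(build_auth_command_hardened(username, password))


def shell_command_count(command_line: str) -> int:
    # Tokenise like a POSIX shell, with ; | & treated as separators rather
    # than word characters, and count how many commands the shell would run.
    # This catches separator-based injection only (not backticks or $()),
    # which is why the fix is argv-without-shell, not input scanning.
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    tokens = list(lexer)
    separators = sum(1 for t in tokens if t and set(t) <= set(";|&"))
    return separators + 1


USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def username_is_well_formed(username: str) -> bool:
    # Defence in depth at the login boundary: usernames have a narrow legal
    # shape, so reject anything outside an allowlist before it reaches any
    # backend. Passwords deliberately get no such filter; they must simply
    # never be handed to a shell.
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    payload = "; echo INJECTED"   # constructed sample input, harmless
    print(build_auth_command_vulnerable(payload, "pw"))
    print("commands the shell would run:",
          shell_command_count(build_auth_command_vulnerable(payload, "pw")))
    print(hardened_as_shell_string(payload, "pw"))
    print("commands the shell would run:",
          shell_command_count(hardened_as_shell_string(payload, "pw")))
    print("username accepted:", username_is_well_formed(payload))
```

Run stand-alone, the vulnerable string tokenises into two commands while the argv form stays a single command with the payload as one literal argument; that difference, not the allowlist, is the property the patch has to restore.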

Affected Versions

  • Cisco Secure FMC Software 7.0.7 and 7.7.0 with RADIUS authentication enabled.

Cisco states that there are no workarounds that address this vulnerability. Users must apply Cisco's fixed software releases to mitigate this critical Cisco FMC RADIUS vulnerability; until then, administrators should confirm whether RADIUS is the configured authentication source for the web interface or SSH, since only those deployments are exposed. The flaw was discovered internally by Cisco researcher Brandon Sakai.

Additional Cisco Vulnerability Fixes

Alongside CVE-2025-20265, Cisco has addressed multiple other high-severity issues across its firewall and networking products. Key fixes include:

  • CVE-2025-20217 (CVSS 8.6): Snort 3 Denial-of-Service in Cisco Secure Firewall Threat Defense Software.
  • CVE-2025-20222 (CVSS 8.6): IPv6 over IPsec Denial-of-Service affecting Firepower 2100 Series.
  • CVE-2025-20224, CVE-2025-20225, CVE-2025-20239 (CVSS 8.6): IKEv2 Denial-of-Service flaws in Cisco IOS, IOS XE, ASA, and Threat Defense Software.
  • CVE-2025-20133, CVE-2025-20243 (CVSS 8.6): Remote Access SSL VPN Denial-of-Service vulnerabilities in ASA and Threat Defense.
  • CVE-2025-20134 (CVSS 8.6): SSL/TLS Certificate DoS vulnerability in ASA and Threat Defense.
  • CVE-2025-20136 (CVSS 8.6): NAT DNS Inspection Denial-of-Service in ASA and Threat Defense.
  • CVE-2025-20263 (CVSS 8.6): Web Services Denial-of-Service in ASA and Threat Defense.
  • CVE-2025-20148 (CVSS 8.5): HTML Injection in Cisco Secure FMC Software.
  • CVE-2025-20251 (CVSS 8.5): VPN Web Server Denial-of-Service in ASA and Threat Defense.
  • CVE-2025-20127, CVE-2025-20244 (CVSS 7.7): TLS 1.3 Cipher and VPN Web Server Denial-of-Service vulnerabilities in ASA and Threat Defense.

Patch Now to Mitigate Risks

While Cisco said it was not aware of any exploitation of these vulnerabilities in the wild at the time of publication, security appliances and their management planes are frequent targets for attackers, and the management interface of an FMC typically holds policy and credentials for an entire firewall estate. Organizations using affected software should patch promptly and, in the meantime, restrict network access to the FMC web interface and SSH to trusted management networks to reduce exposure to the Cisco FMC RADIUS vulnerability and related flaws.
