- Cisco disclosed CVE-2025-20265, a remote code execution vulnerability in Secure Firewall Management Center (FMC) with a CVSS score of 10.0.
- The flaw can be exploited by an unauthenticated attacker when RADIUS authentication is enabled for FMC’s web or SSH management.
- Impacted versions are 7.0.7 and 7.7.0, with no reports of exploitation in the wild.
- Cisco has released software updates; disabling RADIUS and using alternatives is recommended until patching is complete.
- The disclosure is part of a wider set of August 2025 security updates for multiple Cisco products.
Cisco has addressed a critical vulnerability in its Secure Firewall Management Center software that could allow remote attackers to gain complete control over affected systems. The flaw, tracked as CVE-2025-20265, has been assigned the highest possible CVSS base score of 10.0, reflecting the severity of the potential impact.
The issue resides in FMC’s RADIUS authentication subsystem. RADIUS, widely used for centralized login and accounting, is common in enterprise and government network environments. According to Cisco’s security advisory, the vulnerability is triggered when the system improperly validates user-supplied input during the authentication process. An attacker could exploit this weakness to execute arbitrary shell commands on the underlying operating system with elevated privileges.
Only FMC versions 7.0.7 and 7.7.0 are affected, and only if RADIUS authentication is enabled for web-based or SSH management. If RADIUS is disabled, the flaw cannot be exploited. Cisco notes that the issue was identified internally by security researcher Brandon Sakai, and there are currently no indications it has been exploited in the wild.
To mitigate the risk, Cisco has released software updates for affected versions. Customers with active service contracts can download the patches through standard Cisco channels. In environments where immediate patching is not feasible, Cisco advises disabling RADIUS authentication and switching to other supported authentication methods such as local user accounts, LDAP, or SAML single sign-on. The company warns that any changes to authentication should be carefully tested to prevent unintended disruptions to access.
This vulnerability was disclosed alongside a broader set of updates covering 29 vulnerabilities in Cisco products, including FMC, ASA, and Firepower Threat Defense software. Thirteen of these are rated high severity. Issues addressed include denial-of-service flaws in IPv6 over IPsec and SSL VPN features, HTML injection in the FMC web interface, NAT DNS inspection errors, and TLS 1.3 cipher handling problems. While none of these high-severity flaws are known to be exploited, Cisco recommends applying patches as soon as possible to reduce potential attack surfaces.
CVE-2025-20265 is notable not only for its technical severity but also for the context in which it exists. Security teams in organizations that use FMC often rely on RADIUS authentication to unify credential management across different platforms. This means the feature is widely enabled in networks that place a premium on centralized control—precisely the environments where attackers would benefit most from exploiting such a flaw.
The vulnerability’s CVSS score of 10.0 indicates that an attack could be carried out remotely without user interaction, and that a successful exploit could lead to full system compromise. Although CVSS scores are only one measure of risk, they can be useful for prioritizing patching. In this case, the combination of remote, unauthenticated access and potential administrative control makes the flaw a high priority for remediation.
Cisco’s recommendation to disable RADIUS if patching cannot be done immediately is practical but may present operational challenges. In some organizations, switching to LDAP or SAML may require coordination with identity management teams or changes to existing security policies. Still, temporarily disabling the vulnerable feature until the fix can be deployed may significantly reduce exposure.
The case also illustrates the ongoing importance of monitoring vendor advisories and updating network management systems promptly. Centralized management platforms like FMC are attractive targets for attackers because they can provide a single point of control over large numbers of security devices. An attacker who compromises the FMC may be able to alter firewall rules, disable security monitoring, or pivot into other parts of the network.
While Cisco has no evidence that CVE-2025-20265 is being exploited, the disclosure itself can prompt malicious actors to investigate and attempt to develop working exploits. This makes timely action essential for organizations that could be affected. The company’s clear communication of the affected versions, combined with the availability of patches and workarounds, gives administrators the tools they need to respond effectively.
This advisory underscores the need for layered defenses. Even with the patch applied or RADIUS disabled, security teams should continue to monitor authentication logs, watch for suspicious activity, and validate configuration changes. Segmentation of management networks and limiting FMC access to trusted IP addresses are additional measures that can help reduce the risk from future vulnerabilities.
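As an added example (not Cisco's code or tooling, and not part of the original article), the following Python script turns the two exposure conditions stated above (affected version 7.0.7 or 7.7.0, and RADIUS enabled for web or SSH management) into a triage check, and shows the kind of authentication-log review the layered-defense advice calls for: flagging RADIUS attempts with out-of-policy usernames or sources outside the management network. The log format, host names and addresses are constructed assumptions, not real FMC output.

```python
import ipaddress
import re
from dataclasses import dataclass

# Affected releases as stated in the advisory summary above.
AFFECTED_VERSIONS = {"7.0.7", "7.7.0"}

@dataclass
class FmcHost:
    name: str
    version: str
    radius_web: bool  # RADIUS enabled for web management
    radius_ssh: bool  # RADIUS enabled for SSH management

def exposure(host: FmcHost) -> str:
    """Triage one FMC host against the advisory's two conditions."""
    if host.version not in AFFECTED_VERSIONS:
        return "not-affected"
    if host.radius_web or host.radius_ssh:
        return "exposed: patch, or disable RADIUS and use local/LDAP/SAML"
    return "affected version, RADIUS off: patch at next window"

# Constructed sample lines in a hypothetical key=value format; not real FMC output.
SAMPLE_LOG = """\
2025-08-15T10:01:02Z auth method=RADIUS user=alice src=10.0.5.21 result=success
2025-08-15T10:01:09Z auth method=LOCAL user=admin src=10.0.5.22 result=success
2025-08-15T10:02:41Z auth method=RADIUS user="svc;x" src=10.0.5.30 result=failure
2025-08-15T10:02:42Z auth method=RADIUS user=bob src=203.0.113.7 result=failure
"""
LINE_RE = re.compile(
    r'auth method=(?P<method>\w+) user="?(?P<user>[^"\s]+)"? '
    r'src=(?P<src>\S+) result=(?P<result>\w+)')
SAFE_USER = re.compile(r"^[A-Za-z0-9._@\\-]+$")  # strict allow-list for account names

def suspicious_radius_logins(log: str, trusted_nets: list[str]) -> list[tuple[str, str]]:
    """Return (user, reason) for RADIUS attempts with an out-of-policy username
    or a source address outside the trusted management networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m or m["method"] != "RADIUS":
            continue  # only the RADIUS path is in scope for this advisory
        if not SAFE_USER.match(m["user"]):
            hits.append((m["user"], "username outside allow-list"))
        elif not any(ipaddress.ip_address(m["src"]) in n for n in nets):
            hits.append((m["user"], f"source {m['src']} not in management network"))
    return hits
```

Run `suspicious_radius_logins(SAMPLE_LOG, ["10.0.5.0/24"])` to see the two flagged attempts; the allow-list and trusted networks should be adjusted to local naming and addressing policy.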
Cisco’s August 2025 updates highlight the evolving nature of threats facing network infrastructure. While no software is immune to flaws, rapid detection, responsible disclosure, and timely patching can significantly mitigate the damage from vulnerabilities like CVE-2025-20265. For organizations that rely on FMC to manage their firewall environments, prioritizing this update is a prudent step toward maintaining a secure posture.
Aside from his role as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026, Rich Tehrani is CEO of RT Advisors and a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.
The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.
The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.
Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.