CVE-2025-20220: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2025-20220) was discovered in the Command Line Interface (CLI) of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software. The vulnerability was disclosed on August 14, 2025, and is classified as a command injection vulnerability with a CVSS base score of 6.0 (Medium). The vulnerability affects Cisco devices running vulnerable releases of Cisco Secure FMC Software or Secure FTD Software, regardless of the device configuration (Cisco Advisory, NVD).

The vulnerability (CWE-78) stems from improper input validation for specific CLI commands. The issue allows an authenticated attacker with valid Administrator credentials to inject operating system commands into legitimate commands. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating local access requirements, high privileges needed, and potential for high confidentiality and integrity impacts (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system as root. This is particularly impactful in deployments where administrators are prevented from accessing expert mode, such as multi-instance deployments or systems configured with the system lockdown-sensor command (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available that address this vulnerability. Customers are advised to regularly consult the advisories for Cisco products and ensure that their devices have sufficient memory and compatible hardware configurations before upgrading (Cisco Advisory).