CVE-2025-20265
Cisco Secure Firewall Management Center vulnerability analysis and mitigation

Overview

A critical vulnerability (CVE-2025-20265) was discovered in Cisco Secure Firewall Management Center (FMC) Software's RADIUS subsystem implementation. The vulnerability was disclosed on August 14, 2025, and received the maximum CVSS score of 10.0. This security flaw affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled. The vulnerability was discovered by Brandon Sakai of Cisco during internal security testing (Cisco Advisory).

Technical details

The vulnerability stems from improper handling of user input during the authentication phase in the RADIUS subsystem. The flaw specifically affects systems configured for RADIUS authentication for either the web-based management interface, SSH management, or both. With a CVSS base score of 10.0 (Critical) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, the vulnerability is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) (NVD, Cisco Advisory).

Impact

Successful exploitation of this vulnerability allows an unauthenticated, remote attacker to execute arbitrary shell commands at a high privilege level on the affected device. This is particularly concerning because FMC is a centralized management platform used by large enterprises, managed service providers, government agencies, and educational institutions to manage their network security products (The Register).

Mitigation and workarounds

Cisco has released software updates that address this vulnerability. If immediate patching is not possible, the recommended mitigation is to disable RADIUS authentication and use alternative authentication methods such as local user accounts, external LDAP authentication, or SAML single sign-on (SSO). However, customers should evaluate the applicability and potential impact before implementing any mitigations in their environment (Arctic Wolf, Cisco Advisory).

Community reactions

The vulnerability has garnered significant attention in the cybersecurity community due to its maximum severity rating. Security researchers have noted that it is part of Cisco's "summer of perfect 10" vulnerabilities, following other critical issues in its products. There is particular concern given the history of government-backed attackers, notably from China, targeting Cisco networking devices (The Register).

Source: This report was generated using AI

Related Cisco Secure Firewall Management Center vulnerabilities (for every entry, Technologies and Component name are "Cisco Secure Firewall Management Center", CPE cpe:2.3:a:cisco:secure_firewall_management_center):

CVE ID          Severity  Score  CISA KEV exploit  Has fix  Published date
CVE-2025-20265  CRITICAL  10     No                Yes      Aug 14, 2025
CVE-2025-20301  MEDIUM    6.5    No                Yes      Aug 14, 2025
CVE-2025-20235  MEDIUM    6.1    No                Yes      Aug 14, 2025
CVE-2025-20306  MEDIUM    4.9    No                Yes      Aug 14, 2025
CVE-2025-20302  MEDIUM    4.3    No                Yes      Aug 14, 2025
