CVE-2025-20301: 
Cisco Secure Firewall Management Center vulnerability analysis and mitigation

A vulnerability (CVE-2025-20301) was discovered in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, disclosed on August 14, 2025. This vulnerability affects Cisco Secure FMC Software when configured for multitenancy using domains, allowing an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain (Cisco Advisory).

The vulnerability stems from missing authorization checks in the web-based management interface. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD, Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to retrieve troubleshoot files from a different domain managed on the same Cisco Secure FMC instance, potentially exposing sensitive information contained in these files (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available for this vulnerability. Users are advised to upgrade to a fixed software version and regularly consult Cisco Security Advisories for complete upgrade solutions (Cisco Advisory).