CVE-2025-20302: 
Cisco Secure Firewall Management Center vulnerability analysis and mitigation

A vulnerability (CVE-2025-20302) was discovered in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. The vulnerability was disclosed on August 14, 2025, affecting Cisco Secure FMC Software when configured for multitenancy using domains. This security flaw allows an authenticated, low-privileged, remote attacker to retrieve generated reports from different domains due to missing authorization checks (Cisco Advisory).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The security flaw stems from insufficient authorization checks in the web-based management interface, specifically affecting systems configured for multitenancy using domains (NVD, Cisco Advisory).

A successful exploitation of this vulnerability allows an attacker to access previously run reports for different domains managed on the same Cisco Secure FMC instance, potentially exposing sensitive activity records from those domains (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available for this vulnerability. Customers are advised to regularly consult the advisories for Cisco products and ensure their devices have sufficient memory and compatible hardware/software configurations before upgrading (Cisco Advisory).