- Cisco disclosed a 10/10 (critical) vulnerability in Secure Firewall Management Center
- It released a patch and advised on possible mitigations
- No evidence of in-the-wild abuse so far, but users still need to stay alert
Cisco recently disclosed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product and urged users to apply either the patch or the mitigation as soon as possible.
FMC is a centralized platform for configuring, monitoring and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence and monitor their deployments across endpoints.
According to Cisco's new security advisory, the vulnerability was found in FMC's implementation of the RADIUS subsystem. RADIUS (Remote Authentication Dial-In User Service) is a protocol used to authenticate, authorize and account for FMC administrators and VPN users by integrating with an external identity server.
Fixes and mitigations
The flaw is described as "improper handling of user input during the authentication phase", which could allow an unauthenticated remote attacker to inject arbitrary shell commands.
In theory, this could be done by sending crafted input when entering credentials, but the caveat is that FMC must be configured for RADIUS authentication on the web-based management interface, SSH or both for the flaw to be exploitable.
The bad news is that, according to BleepingComputer, this configuration is "often used" in corporate and government networks, where administrators want centralized login control and accounting for access to network devices. The attack surface could therefore be quite large, and the potential victims high-profile.
It is now tracked as CVE-2025-20265 and was given a severity score of 10/10 (critical).
Cisco released a patch to fix the problem and said those who cannot apply it should disable RADIUS authentication and replace it with another method, such as local user accounts, external LDAP or similar. The company also said the mitigations performed well in testing, but advised customers to run the tests themselves.
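The exploitability precondition and the mitigation above translate into a simple fleet check. The following is an added example, not Cisco's or the article's code: it runs over a constructed inventory whose field names are an assumption rather than the FMC API schema, and flags only instances where RADIUS authentication is enabled for the web interface, SSH or both.

```python
"""Exposure triage for the precondition stated above (added example, not
Cisco's or the article's code). The records are constructed and the field
names are an assumption, not the FMC API schema. An instance is flagged
only when RADIUS authentication is enabled for the web interface, SSH or
both, the condition the advisory gives for CVE-2025-20265 to be exploitable.
"""
from dataclasses import dataclass

@dataclass
class FmcAuthConfig:
    hostname: str
    auth_method: str          # "radius", "ldap" or "local" (assumed labels)
    web_external_auth: bool   # external auth applied to the web UI
    ssh_external_auth: bool   # external auth applied to SSH
    patched: bool = False     # vendor fix already installed

def exposed_surfaces(cfg: FmcAuthConfig) -> list[str]:
    """Return the management surfaces that meet the precondition."""
    if cfg.auth_method.lower() != "radius":
        return []
    surfaces = []
    if cfg.web_external_auth:
        surfaces.append("web")
    if cfg.ssh_external_auth:
        surfaces.append("ssh")
    return surfaces

def triage(inventory: list[FmcAuthConfig]) -> dict[str, tuple[list[str], str]]:
    """Map each hostname to (exposed surfaces, recommended action)."""
    plan = {}
    for cfg in inventory:
        surfaces = exposed_surfaces(cfg)
        if not surfaces:
            action = "none: RADIUS not used for web/SSH authentication"
        elif cfg.patched:
            action = "patched: confirm fixed release, keep monitoring"
        else:
            action = "patch now; meanwhile switch RADIUS to local or LDAP"
        plan[cfg.hostname] = (surfaces, action)
    return plan

# Constructed sample inventory (hostnames are placeholders).
SAMPLE_INVENTORY = [
    FmcAuthConfig("fmc-hq-01", "radius", True, True),
    FmcAuthConfig("fmc-dc-02", "radius", False, True, patched=True),
    FmcAuthConfig("fmc-lab-03", "ldap", True, True),
    FmcAuthConfig("fmc-edge-04", "radius", False, False),
]
```

An instance using LDAP or local accounts, or RADIUS that is not applied to the web UI or SSH, is reported as not meeting the precondition, matching the advisory's scope.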
Via BleepingComputer