Cisco discloses maximum-severity defect in firewall software | CyberScoop<\/title> <meta name=\"description\" content=\"The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisco-vulnerability-secure-firewall-management-center\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Cisco discloses maximum-severity defect in firewall software\"> <meta property=\"og:description\" content=\"The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisco-vulnerability-secure-firewall-management-center\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-08-15T17:04:46+00:00\"> <meta property=\"article:modified_time\" content=\"2025-08-15T17:04:49+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1755021799g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85594\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85594\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-vulnerability-secure-firewall-management-center%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-vulnerability-secure-firewall-management-center%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85594 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisco-vulnerability-secure-firewall-management-center\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.941926345609\">\n<div class=\"single-article__header-content\" readability=\"32.297297297297\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/cisco-vulnerability-secure-firewall-management-center\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Cisco logo sits illuminated at MWC Barcelona on February 28, 2022. (David Ramos\/Getty Images)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg 4176w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Cisco logo sits illuminated at MWC Barcelona on February 28, 2022. (David Ramos\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"40.359045773795\"><body readability=\"82.539288668321\"><\/p>\n<p>Cisco disclosed a maximum-severity vulnerability affecting its Secure Firewall Management Center Software that could allow unauthenticated attackers to inject arbitrary shell commands and execute high-privilege commands, the vendor said in a <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-fmc-radius-rce-TNBKf79\">security advisory<\/a> Thursday. <\/p>\n<p>The enterprise networking vendor said it discovered the vulnerability \u2014 CVE-2025-20265 \u2014 during internal security testing. Cisco released a <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/viewErp.x?alertId=ERP-75415\">patch for the defect<\/a> along with a series of 29 vulnerabilities in other Cisco Secure technologies. <\/p>\n<p>\u201cTo date, Cisco\u2019s Product Security Incident Response Team (PSIRT) is not aware of any malicious use or exploitation of this vulnerability, and we strongly urge customers to upgrade to update releases,\u201d a Cisco spokesperson told CyberScoop. \u201cIf an immediate upgrade is not feasible, implement a mitigation as outlined in the advisory.\u201d<\/p>\n<p>The disclosure marks yet another vulnerability in a widely used edge technology \u2014 a common and persistent point of intrusion for attackers. Edge technologies, including VPNs, firewalls and routers, harbored the <a href=\"https:\/\/cyberscoop.com\/mandiant-m-trends-2025\/\">four most frequently exploited vulnerabilities<\/a> in 2024, according to Mandiant\u2019s M-Trends report released earlier this year. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAnytime you see \u2018remote, unauthenticated command injection,\u2019 you should be concerned,\u201d Nathaniel Jones, VP of security and AI strategy at Darktrace, told CyberScoop. \u201cThese are exactly the types of vulnerabilities that pose significant danger because they are highly attractive to nation-state actors like Salt Typhoon \u2014 and such groups are likely to move quickly to exploit them.\u201d <\/p>\n<p>Darktrace hasn\u2019t observed exploitation in the wild, nor is it aware of a proof-of-concept exploit. \u201cBut, this type of vulnerability means the clock is ticking. I\u2019d bet a proof-of-concept is available come Monday,\u201d Jones said. <\/p>\n<p>The remote-code execution vulnerability, which has a CVSS rating of 10, involves improper handling of user input during the authentication phase. \u201cFor this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS (remote authentication dial-in user service) authentication for the web-based management interface, SSH (secure shell) management, or both,\u201d Cisco said in the advisory.<\/p>\n<p>The vulnerability affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled. The platform allows customers to configure, monitor, manage and update firewall controls. <\/p>\n<p>\u201cThe vulnerability means that no credential is needed nor proximity, and you can get full privileges,\u201d Jones added. \u201cThe improper-input handling could let an attacker craft authentic packets containing malicious payloads that escape the intended command context and run arbitrary OS commands.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The vendor said there are no workarounds for the vulnerability, and it confirmed the defect does not affect Cisco Secure Firewall Adaptive Security Appliance Software or Cisco Secure Firewall Threat Defense Software.<\/p>\n<p>Jones said the maximum-severity vulnerability accentuates the unflattering security posture of edge devices and their development lifecycles. \u201cIt just reinforces why they\u2019re attacked \u2014 because they sit at network boundaries where attackers can reach them without stepping inside first, often have high privileges and broad visibility and the gatekeeper can bypass multiple layers of security at once,\u201d he said.<\/p>\n<p>Cisco encouraged customers to determine exposure to CVE-2025-20265 and other vulnerabilities by running the <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/softwarechecker.x\">Cisco Software Checker<\/a>, which identifies vulnerabilities impacting specific software releases.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5748502994012\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cisco-discloses-maximum-severity-defect-in-firewall-software-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisco-vulnerability-secure-firewall-management-center\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco discloses maximum-severity defect in firewall software | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1764,78,3721,2182,3119,4816,256,3587,310,288,643,703],"tags":[1769,86,3722,2185,3120,4817,262,3589,311,294,645,705],"class_list":["post-7901","post","type-post","status-publish","format-standard","hentry","category-cisco","category-cybersecurity","category-darktrace","category-edge-devices","category-firewall","category-patch-management","category-research","category-security-patch","category-technology","category-threats","category-vulnerabilities","category-vulnerability-disclosure","tag-cisco","tag-cybersecurity","tag-darktrace","tag-edge-devices","tag-firewall","tag-patch-management","tag-research","tag-security-patch","tag-technology","tag-threats","tag-vulnerabilities","tag-vulnerability-disclosure"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/darktrace\/\" rel=\"category tag\">Darktrace<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/edge-devices\/\" rel=\"category tag\">edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-management\/\" rel=\"category tag\">patch management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/security-patch\/\" rel=\"category tag\">security patch<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a>","tag_info":"vulnerability disclosure","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7901"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7901\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7901,"date":"2025-08-15T12:04:46","date_gmt":"2025-08-15T17:04:46","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85594"},"modified":"2025-08-15T12:04:46","modified_gmt":"2025-08-15T17:04:46","slug":"cisco-discloses-maximum-severity-defect-in-firewall-software","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/08\/15\/cisco-discloses-maximum-severity-defect-in-firewall-software\/","title":{"rendered":"Cisco discloses maximum-severity defect in firewall software"},"content":{"rendered":"