Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Cisco Secure Firewall Management Centre
Alerts

Critical Vulnerability in Cisco Secure Firewall Management Centre

17 August 2025

Cisco has released security updates addressing a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Centre (FMC) Software.

Background

Cisco has released security updates addressing a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Centre (FMC) Software. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. 

Affected Products

The vulnerability affects Cisco Secure FMC Software releases 7.0.7 and 7.7.0 configured with Remote Authentication Dial-In User Service (RADIUS) authentication for the web-based management interface, SSH management, or both.

Mitigation

Users and administrators of affected products are advised to update to the latest versions immediately.

If patching is not feasible, users should switch to an alternative authentication, such as local user accounts, external Lightweight Directory Access Protocol (LDAP) authentication, or Security Assertion Markup Language single sign-on (SAML SSO).

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

https://nvd.nist.gov/vuln/detail/CVE-2025-20265

https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html

Back to top