CVE-2025-20265

Aug. 15, 2025, 1:12 p.m.

10.0
Critical

Description

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.

Product(s) Impacted

Vendor Product Versions
Cisco
  • Firewall Management Center
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a cisco firewall_management_center / / / / / / / /

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

Tags

CWE-74
psirt@cisco.com
2025-08-14
CVE-2025-20265

CVSS Score

10.0 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Aug. 14, 2025, 5:15 p.m.
Last Modified: Aug. 15, 2025, 1:12 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@cisco.com

Linked Attack Reports

GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe

A sophisticated malware campaign dubbed 'GPUGate' has been uncovered, targeting Western European IT professionals through malicious Google Ads mimicking GitHub Desktop. The attack leverages GitHub's repository structure and a GPU-gated decryption mechanism to evade analysis. The malware, a 128 MB M…
malvertising
anti-analysis
amos stealer
2025-09-08
gpugate
gpu-gated decryption
opencl
western europe
Published: September 8, 2025
Linked vulnerabilities : CVE-2025-20265 (CVSS 10.0), CVE-2025-7775 (CVSS 9.2)
Downloadable IOCs: 42

August Vulnerabilities of Note

In August 2025, eighteen high-impact vulnerabilities were identified for prioritized remediation, down from 22 in July. The month saw a focus on Citrix and D-Link flaws, with active exploitation of Citrix NetScaler products and D-Link routers. OS Command Injection was the most common weakness. One …
vulnerability
command injection
exploitation
remote code execution
snipbot
rustyclaw
patch management
deserialization
CVE-2025-8088
CVE-2025-25256
CVE-2025-8875
CVE-2025-8876
CVE-2025-20265
CVE-2025-7775
2025-09-15
mythic c2 agent
Published: September 15, 2025
Linked vulnerabilities : CVE-2024-8068, CVE-2024-8069 (CVSS 8.8), CVE-2025-54948 (CVSS 9.4), CVE-2025-8088, CVE-2024-26009 (CVSS 8.1), CVE-2025-25256 (CVSS 9.8), CVE-2025-8875 (CVSS 9.4), CVE-2025-8876 (CVSS 9.4), CVE-2025-20265 (CVSS 10.0), CVE-2025-43300 (CVSS 8.8), CVE-2025-7775 (CVSS 9.2), CVE-2025-7776 (CVSS 8.8), CVE-2025-8424 (CVSS 8.7), CVE-2025-57819, CVE-2007-0671, CVE-2013-3893, CVE-2020-25079, CVE-2020-25078, CVE-2025-48384, CVE-2022-40799
Downloadable IOCs: 11

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.