SB2025081493 - Remote code execution in Secure Firewall Management Center RADIUS implementation
Published: August 14, 2025 Updated: September 26, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2025-20265)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation in the RADIUS subsystem implementation during the authentication phase. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
Note that, for this vulnerability to be exploited, Cisco Secure FMC Software must be configured to use RADIUS authentication for the web-based management interface, for SSH management, or for both.
Remediation
Install the update from the vendor's website.