Main Vulnerability Database Exploits ID:11988 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2025-20265

ID:11988 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2025-20265

Published: September 26, 2025

Vulnerability identifier: #VU114092

Vulnerability risk: High

CVE-ID: CVE-2025-20265

CWE-ID: CWE-74

Exploitation vector: Remote access

Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Link to public exploit:

https://github.com/saruman9/cve_2025_20265

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation in the RADIUS subsystem implementation during the authentication phase. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Note, for this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.

Remediation

Install updates from vendor's website.

ID:11988 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2025-20265

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human