On 14 August 2025, Cisco released fixes for a maximum-severity vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software, tracked as CVE-2025-20265. FMC is the centralised platform used to manage security settings and network devices across Cisco Firepower and ASA deployments.
CVE-2025-20265 results from improper handling of user input during the RADIUS authentication process. An unauthenticated, remote threat actor could exploit this flaw by submitting crafted credentials to the configured RADIUS server, potentially injecting arbitrary shell commands that execute with high privileges on the device. Exploitation is only possible if FMC is configured to use RADIUS authentication for the web-based management interface, SSH management, or both.
While Arctic Wolf has not observed exploitation of this vulnerability or seen a publicly available proof-of-concept, it remains an attractive target for threat actors due to the potential impact of a successful attack. This concern is reinforced by the historical targeting of Cisco products through multiple vulnerabilities, as documented in CISA’s Known Exploited Vulnerabilities catalog.
Recommendation For CVE-2025-20265
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Release | Fixed Release |
| Cisco Secure FMC Software |
|
Fixed releases for your version can be verified using Cisco’s Software Checker |
- Note: CVE-2025-20265 can only be exploited if Cisco Secure FMC Software is configured for RADIUS authentication for the web-based management interface, SSH management, or both.
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
Workaround (Optional)
Cisco has stated that CVE-2025-20265 can be mitigated by using alternative authentication methods, such as local user accounts, external LDAP, or SAML single sign-on (SSO). For more details, see the Cisco Secure Firewall Management Center Administration Guide. Customers should evaluate applicability and potential impact before deploying any mitigations or workarounds.
References
Resources
Understand the threat landscape, and how to better defend your organisation, with the 2025 Arctic Wolf Threat Report.
See how Arctic Wolf utilises threat intelligence to harden your attack surface and stop threats earlier and faster.
