【Vulnerability Alert】Cisco Firewall Systems Contain a Critical Information Security Vulnerability (CVE-2025-20265)
publish date :
2025-08-25
update date :
2025-08-25
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025081811082424 | Publication Time | 2025/08/18 11:16 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/18 11:16 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Cisco Firewall Systems Contain a Critical Information Security Vulnerability (CVE-2025-20265) |
|||
| [Content] Forwarded from TWCERTCC-200-202508-00000011 Cisco Secure Firewall Management Center (FMC) is a centralized management platform used for unified management and monitoring of Cisco firewall products. It provides a complete threat defense overview and supports policy formulation, event analysis, traffic monitoring, and device configuration functions. Cisco released a critical information security vulnerability announcement (CVE-2025-20265, CVSS: 10.0) and issued updated versions. This vulnerability exists in the RADIUS authentication process, allowing unauthenticated remote attackers to inject arbitrary shell commands and cause the device to execute them. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Cisco Firewall Management Center (FMC) versions 7.0.7, 7.7.0 with RADIUS authentication enabled |
|||
| [Recommended Actions] Apply the fix according to the solution released on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10326-bd2b5-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center