Critical Cisco Firewall Security Patch Released to Fix Remote Attack Flaw
The Register
|
Contributed by: Drex DeFord
Summary
Cisco has issued a critical patch for a high-severity vulnerability (CVE-2025-20265) in its Secure Firewall Management Center (FMC) software, which could enable remote, unauthenticated attackers to execute arbitrary shell commands. The vulnerability stems from improper handling of user input by the RADIUS authentication subsystem when configured for web-based and SSH management. Given the widespread use of the FMC in sectors such as enterprise, government, and education, healthcare professionals should be aware of the potential risks associated with compromised network security systems that could lead to unauthorized access and data breaches. Cisco has advised users to apply the patch promptly, although no known exploits have been reported.
