Identity & Access Management,
Network Firewalls, Network Access Control,
Security Operations
Cisco Secure Firewall Management Centers Exposed to Critical Vulnerability
Cisco has alerted its firewall customers to implement urgent patches following the identification of a critical vulnerability. This flaw poses a grave risk by potentially enabling unauthenticated attackers to gain control over the server.
Cataloged as CVE-2025-20265, the vulnerability impacts instances of Cisco Secure Firewall Management Center that utilize a RADIUS server for user authentication. Cisco indicated that the issue arises from improper user input handling during the authentication process.
This security defect has been rated with the maximum score of 10 on the CVSS scale, suggesting that a successful exploitation could permit attackers to execute commands with elevated privileges. Cisco’s Firewall Management Center is marketed as an integrated system for managing Cisco firewalls across extensive enterprises, and this vulnerability affects versions 7.0.7 and 7.7.0.
The RADIUS protocol, essential for authentication, authorization, and accounting, has been recognized as a standard since the early 1990s but recently came under scrutiny, with research in July 2024 revealing its susceptibility to man-in-the-middle attacks (Widely Used RADIUS Authentication Flaw Enables MITM Attacks).
While Cisco acknowledged there are no immediate workarounds for this vulnerability, adopting alternative authentication methods—like SAML single sign-on or local user accounts—could alleviate the risks associated with this flaw.
Moreover, Cisco’s Product Security Incident Response Team has not detected any instances of active exploitation in the field; however, it is worth noting that attackers frequently reverse-engineer patches shortly after their release. A report from VulnCheck earlier this year revealed that nearly one-third of vulnerabilities were exploited on or before their disclosure date (State of Exploitation).
This critical patch is part of Cisco’s regular semiannual security update, addressing multiple high-severity issues across its firewall product line. The patches are accessible to customers who hold valid support contracts at no extra cost.
In remarks about the vulnerability, Keith King, formerly a lead communications engineer at the White House, highlighted the potential risks associated with such a serious flaw in widely-used network defense products. He emphasized the urgency of immediate patching due to the absence of viable workarounds.
Cisco’s recent history indicates an ongoing need for vigilance, as last month, the company also addressed a maximum-severity vulnerability related to static root credentials in its unified communications managers (Static Credentials Flaw Patched in Cisco Systems).
