You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-20265
About this tag
CVE-2025-20265 is a critical pre-authentication remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) software. It allows an unauthenticated attacker to execute arbitrary shell commands on affected appliances when RADIUS authentication is enabled for management interfaces. Cisco has released an urgent patch to address this maximum-severity flaw. The vulnerability is part of a broader trend of increasing CVEs with public exploits, as highlighted by Cyble's weekly scan reporting over 908 new vulnerabilities, with more than 188 having available proofs-of-concept. Security teams are urged to prioritize patching and risk-based action.
Cyble’s latest weekly scan shows a dizzying pace of disclosures and exploitation: researchers tracked 908 new vulnerabilities in the last seven days and report that more than 188 of those already have publicly available proofs‑of‑concept (PoCs), tightening the window defenders have to respond...
Cisco has pushed an urgent patch for a maximum‑severity remote code execution flaw in its Secure Firewall Management Center (FMC) software that allows an unauthenticated attacker to inject and execute arbitrary shell commands on affected appliances when RADIUS authentication is enabled for...