ZDNET's key takeaways
Cisco's Secure Firewall Management Center security hole is as bad as they get.
There is no mitigation and no workaround. Patch immediately.
So far, no active exploitation has been confirmed.
Do you use Cisco's Secure Firewall Management Center (FMC) software? If your company operates a serious network using Cisco products -- and with Cisco's 76%+ market share of high-end networking, chances are that you do -- you must patch it. Not over the weekend. Not Monday. Right now.
Cisco has just patched a critical command injection vulnerability (CVE-2025-20265) in FMC. How critical is critical? Let's put it this way: It has a Common Vulnerability Scoring System (CVSS) score of 10.0, which is the highest possible risk rating in vulnerability scoring. Specifically, the flaw affects FMC versions 7.0.7 and 7.7.0 that have been configured for RADIUS authentication on the web-based or SSH management interface.
RADIUS is the de facto standard for network authentication, and it's the protocol most commonly used to back 802.1X access control. In other words, if you use FMC, it's almost a certainty you're using RADIUS, which means you're vulnerable.