Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000011)

[Content Description]
Cisco Secure Firewall Management Center (FMC) is a centralized management platform for unified management and monitoring of Cisco firewall products. It provides a complete threat defense view and supports policy development, event analysis, traffic monitoring, and device configuration.

Cisco has issued a critical security vulnerability advisory (CVE-2025-20265, CVSS: 10.0) and released an update. This vulnerability, when used for authentication via RADIUS, allows an unauthenticated remote attacker to inject arbitrary shell commands and cause the device to execute commands.

[Affected Platforms]
Cisco Firewall Management Center (FMC) versions 7.0.7 and 7.7.0 with RADIUS authentication enabled

[Recommended Action]
Patch according to the solution released on the official website:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

[References]
https://www.twcert.org.tw/tw/cp-169-10326-bd2b5-1.html