THREAT ALERT

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability

Friday, August 15th, 2025



Cisco has disclosed a critical vulnerability in the RADIUS authentication subsystem of its Secure Firewall Management Center (FMC) software. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary shell commands at a high privilege level.

DefenseStorm is aware of this critical vulnerability and is actively monitoring the situation. Please see the below content taken directly from Cisco.

Overview 

Cisco has disclosed a critical vulnerability in the RADIUS authentication subsystem of its Secure Firewall Management Center (FMC) software. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary shell commands at a high privilege level.

This vulnerability is caused by improper handling of user input during the authentication process when RADIUS is configured for:

  • Web-based management access
  • SSH access

Exploitation does not require authentication and can result in full system compromise.

Affected Versions 

Only Cisco Secure FMC 7.0.7 and 7.7.0 are affected, and only if RADIUS authentication is enabled.

Not affected:

  • Cisco Secure Firewall ASA Software
  • Cisco Secure Firewall Threat Defense (FTD) Software

Mitigation

No workarounds are available at this time.

  • Cisco has released security patches for affected versions.
  • Customers unable to patch immediately should switch to an alternative authentication method such as:
    • Local user accounts
    • External LDAP
    • SAML SSO

Cisco Advisory: View Full Advisory & Patches: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

Recommended Actions 

  1. Determine your FMC software version and check if RADIUS authentication is enabled.
  2. If affected:
    • Apply the appropriate Cisco patch as soon as possible.
    • OR switch temporarily to a non-RADIUS authentication method.

At this time, no known public exploitation or active attacks have been observed. However, given the critical nature and CVSS score of 10.0, immediate remediation is strongly recommended.

Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79

Change Log 

2025-08-15 Initial publish

DefenseStorm Response 

DefenseStorm recommends that all customers review the latest Cisco Security Advisory regarding a critical RADIUS remote code execution (RCE) vulnerability affecting Cisco Firepower Management Center (FMC).

We strongly encourage organizations to assess their environment for exposure and determine the appropriate actions based on the advisory’s guidance.

As always, any updates or mitigations should be implemented in accordance with your organization’s internal policies and change control procedures.

Please bookmark: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 to stay up to date with the latest developments related to this incident.

Diana Rodriguez

Cyber Threat Intelligence Engineer

Diana Rodriguez is a Cyber Threat Intelligence Engineer for DefenseStorm. She joined DefenseStorm in 2019 with 9.5 years of experience in cybersecurity and banking. Diana’s career began at Wells Fargo where she played a pivotal role in protecting financial institutions. Over the 5 years with Wells Fargo, she held diverse positions there, first starting as a teller, then transitioning to become a financial crime analyst, and eventually a cyber security analyst. This experience provided her with a comprehensive understanding of the intricacies of the banking industry and the critical importance of cybersecurity in protecting sensitive data. Diana holds a Bachelor’s degree in computer science from UNCC and a Master’s Degree in Cybersecurity from UNC at Chapel Hill. She completed the MITRE ATT&CK® Defender certifications which provided her with the expertise to effectively apply knowledge of adversary behaviors, enhancing security configurations, analytics, and decision-making to provide the utmost protection for DefenseStorm’s clients. Diana also holds the GIAC Certified Incident Handler and NSE1, and NSE2. During her tenure at DefenseStorm, she has become proficient in the platform, taking an active role in proactively detecting and responding to cyber threats. She’s played a vital role in developing new policies and advanced analytics to detect and prevent potential attacks effectively while educating and empowering customers to optimize the DefenseStorm services to fortify their security measures.