ZDNET’s key takeaways

• Cisco’s Safe Firewall Management Center security hole is as dangerous as they get.
• There isn’t any mitigation and no workaround. Patch instantly.
• To this point, no confirmed lively exploits have been confirmed.

Get extra in-depth ZDNET tech protection: Add us as a preferred Google source on Chrome and Chromium browsers.

Do you utilize Cisco’s Secure Firewall Management Center (FMC) software program? If your organization operates a severe community utilizing Cisco merchandise — and with Cisco’s 76%+ market share of excessive-finish networking, chances are high that you simply do — you should patch it. Not over the weekend. Not Monday. Proper now.

Additionally: Microsoft patches greater than 100 Home windows security flaws – replace your PC now

Cisco has simply patched a critical command injection vulnerability (CVE-2025-20265) in FMC. How critical is critical? Let’s put it this manner: It has a Widespread Vulnerability Scoring System (CVSS) rating of 10.0, which is the best potential threat ranking in vulnerability scoring. Particularly, the flaw impacts FMC variations 7.0.7 and seven.7.0 which were configured for RADIUS authentication on the net-based mostly or SSH administration interface.

RADIUS is the de facto normal for community authentication. It is the most typical implementation used to allow 802.1X entry management administration. In different phrases, for those who use FMC, it is nearly a certainty you are utilizing RADIUS, which suggests you are weak.

The issue is that as a result of the software program did not sanitize person enter in the RADIUS authentication part, attackers can send crafted credentials that will be executed as high-privileged shell commands. If abused appropriately, this will grant anybody full management over the firewall administration middle.

Additionally: This notorious folks search web site is again after leaking 3 billion information – take away your information from it ASAP

Including insult to harm, attackers can exploit the flaw with none prior system entry or legitimate credentials. I repeat: with none prior system entry or legitimate credentials.

It is a security nightmare. As soon as a hacker has full management over firewall administration, they’ll do just about something they need to each the firewall and the remainder of your community.

The one bit of fine information is that Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are usually not affected. 

Oh, and by the way in which, Cisco states, “There aren’t any workarounds that handle this vulnerability.” You need to patch this system. Now. 

Cisco reviews that there have been no confirmed lively exploits in the wild thus far. Give it time. The knowledge in the security report is greater than sufficient for a intelligent hacker to determine exploit this security hole.

So, as soon as extra and with feeling, patch it. Patch it now. 

Additionally: Do not fall for AI-powered disinformation assaults on-line – here is keep sharp

Cisco clients with service contracts that entitle them to common software program updates ought to get hold of security fixes by their regular replace channels. Nevertheless, given how deep this hole goes, Cisco can also be providing the patch totally free. In both case, take the next steps:

1. Go to the official Cisco Security Advisory for CVE-2025-20265.

2. Log in together with your Cisco account linked to your group’s assist contract.

3. Use the Cisco Software program Checker software or test the Obtain part of the advisory to establish the particular mounted launch to your equipment/model.

4. Obtain and set up the FMC software program replace to your deployment — patched variations for 7.0.7 and seven.7.0 are supplied.

You realize what to do now. Get on with it.