Cisco has published more than 20 security advisories as part of its August 2025 bundled publication for Secure Firewall Management Center (FMC), Secure Firewall Threat Defense (FTD), and Secure Firewall Adaptive Security Appliance (ASA) products.
The most serious vulnerability — based on its severity rating — is CVE-2025-20265, a critical flaw affecting the Secure FMC platform designed for managing and monitoring Cisco FTD appliances and other security solutions.
The weakness impacts Secure FMC instances that have Radius authentication enabled. It can be exploited by a remote, unauthenticated attacker for arbitrary code execution.
“This vulnerability is due to a lack of proper handling of user input during the authentication phase,” Cisco explained. “An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level.”
Cisco has also addressed more than a dozen high-severity vulnerabilities in its FMC, FTD and ASA products.
A majority can be exploited by unauthenticated attackers for remote DoS attacks. Others can be exploited for DoS attacks, but only by authenticated attackers.
A high-severity FMC issue allows an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document, read arbitrary files from the operating system, and conduct SSRF attacks.
Eleven medium-severity vulnerabilities have been addressed by Cisco in its security products.
Cisco has released patches for these vulnerabilities and it also provides a software checker tool to help customers identify impacted products and the required fixes.
The networking giant said there was no evidence that these vulnerabilities have been exploited in the wild. Additional details are available in Cisco’s advisories.
Cisco customers were informed recently that hackers had started targeting critical vulnerabilities in Identity Services Engine (ISE), less than a month after patches were released.
Related: Cisco Warns of Hardcoded Credentials in Enterprise Software
Related: Cisco Says User Data Stolen in CRM Hack
Related: AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points
