Warning: Remote Code Execution & DoS in Cisco Secure Firewall Management Center (FMC), Patch Immediately!

Published: 18/08/2025
  • Last update: 18/08/2025
  • Affected software:
    → Cisco Secure Firewall Management Center (FMC)
    → Cisco Secure Firewall Adaptive Security Appliance (ASA)
    → Secure Firewall Threat Defense (FTD)
    → Cisco IOS / IOS-XE (also referenced in the bundle)
  • Type: Remote Code Execution & DoS
  • CVE/CVSS
    → CVE-2025-20265: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2025-20217: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20222: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20244: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20133: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20243: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20134: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20136: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20251: CVSS 8.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H)
    → CVE-2025-20224: CVSS 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
    → CVE-2025-20225: CVSS 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
    → CVE-2025-20263: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20127: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
    → CVE-2025-20148: CVSS 8.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/

Risks

Multiple critical vulnerabilities have been discovered in Cisco Secure Firewall Management Center (FMC) Software. The most serious flaw allows unauthorized attackers to take control of the system, while others could disrupt operations and cause downtime.

FMC is a key tool used by organizations to secure and monitor their networks.

If exploited, these vulnerabilities could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.

Description

Cisco Secure Firewall Management Center (FMC)
CVE-2025-20265: Critical RADIUS subsystem command-injection (unauthenticated remote RCE).

CVE-2025-20148: HTML-injection / ability to embed arbitrary HTML in generated documents (requires valid credentials).

FMC is used to manage and monitor firewalls across the estate. These flaws could allow attackers to run commands on the management appliance or manipulate reports/documents; both carry high business risk. Patches are available from Cisco.

Cisco Secure Firewall Adaptive Security Appliance (ASA) & Secure Firewall Threat Defense (FTD)
Denial-of-Service / reload / crash risks (DoS): CVE-2025-20217, CVE-2025-20222, CVE-2025-20244, CVE-2025-20133, CVE-2025-20243, CVE-2025-20134, CVE-2025-20136, CVE-2025-20251, CVE-2025-20263, CVE-2025-20127.

These vulnerabilities primarily allow attackers to crash or degrade firewall appliances (DoS) and, in at least one FMC-related case, gain command execution. Service interruptions could block remote access, drop VPNs, and interrupt business continuity. Apply Cisco’s updates immediately.

Cisco IOS / IOS-XE (also referenced in the bundle)
CVE-2025-20224 and CVE-2025-20225: IKEv2 / IPsec parsing issues that affect IOS, IOS-XE, ASA, and FTD (can cause memory leaks or reloads causing DoS).

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
