Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Threat Score:

The Hacker News

3 hours ago

Part of cluster #1983

Overview

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifierCVE-2025-20265(CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. The networking equipment major said the issue ...

Continue Reading on Original Site

5 articles

Cisco Patches Critical Vulnerability in Firewall Management Platform

SecurityWeek • 3 hours ago

Cisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products.

Score

‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan

Security Affairs • 2 hours ago

Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk. This week Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) has issued an advisory to 39 key ministries and institutions and warned them of a “severe risk” posed by the ongoing […]

Score

Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass

GB Hackers • 1 hour ago

Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked asCVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security Flaw

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 19 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password

GB Hackers • 2 hours ago

Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password A significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak,discoveredby cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak default password: “changemeplease.” The discovery occurred when Hunt.io researchers identified an open directory containing the complete ERMAC V3.0 source

Score

CVES

CVE-2025-20127

CVE-2025-20133

CVE-2025-20134

CVE-2025-20136

CVE-2025-20148

ATTACK TYPES

Command Injection

Remote Code Execution

VULNERABILITIES

Remote Code Execution

COMPANIES

Cisco

PLATFORMS

Cisco IOS

Cisco Secure Firewall

iOS

MITRE ATT&CK

T1059.003

T1071.001

T1190

T1203

T1486

INDUSTRIES

Information Technology

Network Security

ARTICLE INFORMATION

Article #11902

Published 3 hours ago

The Hacker News

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Cisco Patches Critical Vulnerability in Firewall Management Platform

‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan

Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies