CVE-2025-20306
CVSS 4.9 - MEDIUM
Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
Affected Products
50 of 95| Vendor | Product | Version |
|---|---|---|
| cisco | secure_firewall_management_center |
6.2.3
|
| cisco | secure_firewall_management_center |
6.2.3.1
|
| cisco | secure_firewall_management_center |
6.2.3.2
|
| cisco | secure_firewall_management_center |
6.2.3.3
|
| cisco | secure_firewall_management_center |
6.2.3.4
|
| cisco | secure_firewall_management_center |
6.2.3.5
|
| cisco | secure_firewall_management_center |
6.2.3.6
|
| cisco | secure_firewall_management_center |
6.2.3.7
|
| cisco | secure_firewall_management_center |
6.2.3.8
|
| cisco | secure_firewall_management_center |
6.2.3.9
|
| cisco | secure_firewall_management_center |
6.2.3.10
|
| cisco | secure_firewall_management_center |
6.2.3.11
|
| cisco | secure_firewall_management_center |
6.2.3.12
|
| cisco | secure_firewall_management_center |
6.2.3.13
|
| cisco | secure_firewall_management_center |
6.2.3.14
|
| cisco | secure_firewall_management_center |
6.2.3.15
|
| cisco | secure_firewall_management_center |
6.2.3.16
|
| cisco | secure_firewall_management_center |
6.2.3.17
|
| cisco | secure_firewall_management_center |
6.2.3.18
|
| cisco | secure_firewall_management_center |
6.4.0
|
| cisco | secure_firewall_management_center |
6.4.0.1
|
| cisco | secure_firewall_management_center |
6.4.0.2
|
| cisco | secure_firewall_management_center |
6.4.0.3
|
| cisco | secure_firewall_management_center |
6.4.0.4
|
| cisco | secure_firewall_management_center |
6.4.0.5
|
| cisco | secure_firewall_management_center |
6.4.0.6
|
| cisco | secure_firewall_management_center |
6.4.0.7
|
| cisco | secure_firewall_management_center |
6.4.0.8
|
| cisco | secure_firewall_management_center |
6.4.0.9
|
| cisco | secure_firewall_management_center |
6.4.0.10
|
| cisco | secure_firewall_management_center |
6.4.0.11
|
| cisco | secure_firewall_management_center |
6.4.0.12
|
| cisco | secure_firewall_management_center |
6.4.0.13
|
| cisco | secure_firewall_management_center |
6.4.0.14
|
| cisco | secure_firewall_management_center |
6.4.0.15
|
| cisco | secure_firewall_management_center |
6.4.0.16
|
| cisco | secure_firewall_management_center |
6.4.0.17
|
| cisco | secure_firewall_management_center |
6.4.0.18
|
| cisco | secure_firewall_management_center |
6.6.0
|
| cisco | secure_firewall_management_center |
6.6.0.1
|
| cisco | secure_firewall_management_center |
6.6.1
|
| cisco | secure_firewall_management_center |
6.6.3
|
| cisco | secure_firewall_management_center |
6.6.4
|
| cisco | secure_firewall_management_center |
6.6.5
|
| cisco | secure_firewall_management_center |
6.6.5.1
|
| cisco | secure_firewall_management_center |
6.6.5.2
|
| cisco | secure_firewall_management_center |
6.6.7
|
| cisco | secure_firewall_management_center |
6.6.7.1
|
| cisco | secure_firewall_management_center |
6.6.7.2
|
| cisco | secure_firewall_management_center |
7.0.0
|
Showing first 50 of 95 affected products.
Weakness Types
CWE-77
CVE Information
- CVE ID:
CVE-2025-20306- Published:
- 2025-08-14
- Modified:
- 2025-08-25
- CVSS Score:
- 4.9
- Severity:
- MEDIUM
- Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Affected Vendors
cisco
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL