Cisco disclosed a critical remote shell command injection vulnerability (CVE-2025-20265) in its Secure Firewall Management Center (FMC) software affecting versions 7.0.7 and 7.7.0 with RADIUS authentication enabled. The flaw allows unauthenticated attackers to execute arbitrary shell commands remotely by exploiting insufficient input validation in the RADIUS subsystem. Cisco urges immediate patching as no workarounds exist, recommending disabling RADIUS authentication temporarily if necessary.