CVE-2025-20148 Cisco Secure Firewall Management Center HTML Injection Vulnerability

🗓️ 14 Aug 2025 16:28:24Reported by ciscoType

CVE-2025-20148 Cisco FMC HTML injection; auth attacker can inject HTML into docs read files forgery.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-20148	14 Aug 202518:01	–	circl
Cisco	Cisco Secure Firewall Management Center Software HTML Injection Vulnerability	14 Aug 202516:00	–	cisco
CNNVD	Cisco Secure Firewall Management Center 输入验证错误漏洞	14 Aug 202500:00	–	cnnvd
CVE	CVE-2025-20148	14 Aug 202516:28	–	cve
EUVD	EUVD-2025-24851	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco Secure Firewall Software	15 Aug 202508:52	–	ncsc
NVD	CVE-2025-20148	14 Aug 202517:15	–	nvd
Positive Technologies	PT-2025-33316 · Cisco · Cisco Secure Firewall Management Center (Fmc)	14 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20148	16 Aug 202517:25	–	redhatcve
The Hacker News	Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution	15 Aug 202506:49	–	thn

[
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Management Center",
    "versions": [
      {
        "version": "7.2.4",
        "status": "affected"
      },
      {
        "version": "7.0.6",
        "status": "affected"
      },
      {
        "version": "7.2.4.1",
        "status": "affected"
      },
      {
        "version": "7.2.5",
        "status": "affected"
      },
      {
        "version": "7.4.0",
        "status": "affected"
      },
      {
        "version": "7.0.6.1",
        "status": "affected"
      },
      {
        "version": "7.2.5.1",
        "status": "affected"
      },
      {
        "version": "7.4.1",
        "status": "affected"
      },
      {
        "version": "7.2.6",
        "status": "affected"
      },
      {
        "version": "7.4.1.1",
        "status": "affected"
      },
      {
        "version": "7.0.6.2",
        "status": "affected"
      },
      {
        "version": "7.2.7",
        "status": "affected"
      },
      {
        "version": "7.2.5.2",
        "status": "affected"
      },
      {
        "version": "7.2.8",
        "status": "affected"
      },
      {
        "version": "7.4.2",
        "status": "affected"
      },
      {
        "version": "7.2.8.1",
        "status": "affected"
      },
      {
        "version": "7.0.6.3",
        "status": "affected"
      },
      {
        "version": "7.4.2.1",
        "status": "affected"
      },
      {
        "version": "7.2.9",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny

14 Aug 2025 16:28Current

CVSS 3.18.5

EPSS0.00081