[CIVN-2025-0188] Code Injection Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Cisco Secure FMC Software
Overview
A vulnerability has been reported in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software that could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Secure Firewall Management Center (FMC) Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information.
Successful exploitation of this vulnerability could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks.
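A generic illustration of the flaw class described above (user-supplied data placed into an HTML template that is later rendered into a document), added here as an example; it is not Cisco's or CERT-In's code. The template, field names and the audit helper are hypothetical, and the sample input is constructed.

```python
import html
from html.parser import HTMLParser

# Attributes that make an HTML-to-document renderer fetch a resource.
FETCHING_ATTRS = {"src", "href", "data", "action", "poster", "background"}

# Hypothetical report template and the only tags it is expected to emit.
TEMPLATE = ("<html><body><h1>Device report</h1>"
            "<p>Name: {name}</p><p>Notes: {notes}</p></body></html>")
TEMPLATE_TAGS = {"html", "body", "h1", "p"}


def render_unsafe(fields):
    """'Before' form: user-supplied values are pasted into the markup as-is."""
    return TEMPLATE.format(**fields)


def render_escaped(fields):
    """Hardened form: every value is HTML-escaped, so it can only become text."""
    safe = {k: html.escape(str(v), quote=True) for k, v in fields.items()}
    return TEMPLATE.format(**safe)


class _Audit(HTMLParser):
    """Collects tags and resource-loading attributes the template did not define."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in TEMPLATE_TAGS:
            self.findings.append(f"unexpected tag <{tag}>")
        for name, value in attrs:
            if name in FETCHING_ATTRS:
                self.findings.append(f"<{tag}> loads resource via {name}={value!r}")


def audit(document):
    """Return findings for a rendered document; an empty list means clean."""
    parser = _Audit()
    parser.feed(document)
    parser.close()
    return parser.findings


# Constructed sample: a free-text field carrying markup instead of plain text.
SAMPLE = {"name": "edge-fw-01", "notes": 'ok <img src="http://internal.example/x">'}

if __name__ == "__main__":
    print("unsafe :", audit(render_unsafe(SAMPLE)))
    print("escaped:", audit(render_escaped(SAMPLE)))
```

Running the same audit over documents produced before they reach the renderer gives a regression check that escaping has not been bypassed by a new template field.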
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-html-inj-MqjrZrny
CVE Name
CVE-2025-20148
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003