F5os A
by F5, Inc.
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53860 | 0.00 | — | 0.00 | Oct 15, 2025 | A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not… | |||
| CVE-2025-60015 | 0.00 | — | 0.00 | Oct 15, 2025 | An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-61955 | 0.00 | — | 0.00 | Oct 15, 2025 | A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical… | |||
| CVE-2025-59778 | 0.00 | — | 0.00 | Oct 15, 2025 | When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-47150 | 0.00 | — | 0.00 | Oct 15, 2025 | When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-46265 | 0.00 | — | 0.00 | May 7, 2025 | On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-43878 | 0.00 | — | 0.00 | May 7, 2025 | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which… | |||
| CVE-2025-36546 | 0.00 | — | 0.00 | May 7, 2025 | On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the… | |||
| CVE-2024-24966 | 0.00 | — | 0.00 | Feb 14, 2024 | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2024-23607 | 0.00 | — | 0.01 | Feb 14, 2024 | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-36494 | 0.00 | — | 0.00 | Aug 2, 2023 | Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-22657 | 0.00 | — | 0.00 | Feb 1, 2023 | On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2022-41835 | 0.00 | — | 0.00 | Oct 19, 2022 | In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. | |||
| CVE-2022-41780 | 0.00 | — | 0.01 | Oct 19, 2022 | In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. | |||
| CVE-2022-25990 | 0.00 | — | 0.01 | May 5, 2022 | On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
- CVE-2025-53860Oct 15, 2025risk 0.00cvss —epss 0.00
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not…
- CVE-2025-60015Oct 15, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-61955Oct 15, 2025risk 0.00cvss —epss 0.00
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical…
- CVE-2025-59778Oct 15, 2025risk 0.00cvss —epss 0.00
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-47150Oct 15, 2025risk 0.00cvss —epss 0.00
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-46265May 7, 2025risk 0.00cvss —epss 0.00
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-43878May 7, 2025risk 0.00cvss —epss 0.00
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which…
- CVE-2025-36546May 7, 2025risk 0.00cvss —epss 0.00
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the…
- CVE-2024-24966Feb 14, 2024risk 0.00cvss —epss 0.00
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2024-23607Feb 14, 2024risk 0.00cvss —epss 0.01
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-36494Aug 2, 2023risk 0.00cvss —epss 0.00
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-22657Feb 1, 2023risk 0.00cvss —epss 0.00
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2022-41835Oct 19, 2022risk 0.00cvss —epss 0.00
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.
- CVE-2022-41780Oct 19, 2022risk 0.00cvss —epss 0.01
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.
- CVE-2022-25990May 5, 2022risk 0.00cvss —epss 0.01
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated