F5 F5os - Appliance
12 CVEs affecting F5 F5os - Appliance. Latest disclosed: 2025-10-15. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-57780 | High | 8.8 | 2025-10-15 | A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful explo… |
| CVE-2025-61955 | High | 8.8 | 2025-10-15 | A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful expl… |
| CVE-2025-46265 | High | 8.8 | 2025-05-07 | On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS… |
| CVE-2025-36546 | High | 8.1 | 2025-05-07 | On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; acce… |
| CVE-2025-47150 | Medium | 6.5 | 2025-10-15 | When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software… |
| CVE-2024-24966 | Medium | 6.2 | 2024-02-14 | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which h… |
| CVE-2025-43878 | Medium | 6.0 | 2025-05-07 | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restri… |
| CVE-2025-60015 | Medium | 5.7 | 2025-10-15 | An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of… |
| CVE-2024-23607 | Medium | 5.5 | 2024-02-14 | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note… |
| CVE-2025-60013 | Medium | 4.6 | 2025-10-15 | When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary s… |
| CVE-2023-36494 | Medium | 4.4 | 2023-08-02 | Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua… |
| CVE-2025-53860 | Medium | 4.1 | 2025-10-15 | A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) inform… |