15 matches found
Vulnerabilities fixed in F5 Networks BIG-IP, F5OS and NGINX App Protect WAF
F5 Networks has fixed vulnerabilities in the BIG-IP and F5OS product lines and NGINX App Protect WAF. The vulnerabilities include several configuration issues and exploit vectors. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of...
CVE-2025-53860
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-61955
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not...
EUVD-2025-34675
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-57780
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not...
CVE-2025-53860 F5OS-A FIPS HSM vulnerability
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-61955
CVE-2025-61955 (F5OS-A/F5OS-C): An authenticated attacker with local access can escalate privileges on F5OS-A or F5OS-C, potentially crossing a security boundary. Affected: F5OS-A versions up to 1.8.03 (vulnerable: 1.5.1–1.5.3; fixes in 1.8.3) and F5OS-C versions up to 1.8.1/1.6.x (vulnerable ra...
CVE-2025-47150 F5OS SNMP vulnerability
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000149820: F5OS SNMP vulnerability CVE-2025-47150
Security Advisory Description: When SNMP is configured on the F5OS-A or F5OS-C system, undisclosed requests can cause an increase in SNMP memory resource utilization. CVE-2025-47150. Impact: System performance can degrade until the SNMP process is either forced to restart or is manually restarted...
K000154661: F5OS-A FIPS HSM password vulnerability CVE-2025-60013
Security Advisory Description: When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successf...
F5 F5OS-A and F5 F5OS-C Security Vulnerability
F5 F5OS-A and F5 F5OS-C are both products of F5 Corporation, U.S.A. F5 F5OS-A is an operating system software. F5 F5OS-C is an operating system software on VELOS hardware. A security vulnerability exists in F5 F5OS-A and F5 F5OS-C that originates from an authenticated attacker being able to elevat...
CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication and then enabled Appliance Mode, access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...
F5 F5OS Security Vulnerability
F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 appliances to support its Application Delivery Control and Security features. A security vulnerability exists in F5 F5OS that stems from a remote user with no assigned role being incorrectly authorized when configuring LDAP...
PT-2024-19961 · F5 · F5Os Qkview Utility
Name of the Vulnerable Software and Affected Versions: F5OS QKView utility (affected versions not specified). Description: A directory traversal vulnerability exists in the F5OS QKView utility, allowing an authenticated attacker to read files outside the QKView directory. Note that software versions...
F5 F5OS-A Log Information Disclosure Vulnerability
F5 F5OS-A is an operating system software from F5 Corporation. A log information disclosure vulnerability exists in F5 F5OS-A, which arises from the possibility that audit logs may contain sensitive, undisclosed information...