15 matches found
Vulnerabilities fixed in F5 Networks BIG-IP, F5OS and NGINX App Protect WAF
F5 Networks has fixed vulnerabilities in the BIG-IP and F5OS product lines and NGINX App Protect WAF. The vulnerabilities include several configuration issues and exploit vectors. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of...
CVE-2025-53860
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-61955
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not...
EUVD-2025-34675
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-57780
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not...
CVE-2025-53860 F5OS-A FIPS HSM vulnerability
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-61955
CVE-2025-61955 (F5OS-A/F5OS-C): An authenticated attacker with local access can escalate privileges on F5OS-A or F5OS-C, potentially crossing a security boundary. Affected: F5OS-A versions up to 1.8.03 (vulnerable: 1.5.1–1.5.3; fixes in 1.8.3) and F5OS-C versions up to 1.8.1/1.6.x (vulnerable ra...
CVE-2025-47150 F5OS SNMP vulnerability
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000149820: F5OS SNMP vulnerability CVE-2025-47150
Security Advisory Description: When SNMP is configured on the F5OS-A or F5OS-C system, undisclosed requests can cause an increase in SNMP memory resource utilization (CVE-2025-47150). Impact: System performance can degrade until the SNMP process is either forced to restart or is manually restarted...
K000154661: F5OS-A FIPS HSM password vulnerability CVE-2025-60013
Security Advisory Description: When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successf...
F5 F5OS-A and F5 F5OS-C Security Vulnerability
F5 F5OS-A and F5 F5OS-C are both products of F5 Corporation, U.S.A. F5 F5OS-A is an operating system software. F5 F5OS-C is an operating system software on VELOS hardware. A security vulnerability exists in F5 F5OS-A and F5 F5OS-C that originates from an authenticated attacker being able to elevat...
CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...
PT-2024-19961 · F5 · F5Os Qkview Utility
Name of the Vulnerable Software and Affected Versions: F5OS QKView utility (affected versions not specified). Description: A directory traversal vulnerability exists in the F5OS QKView utility, allowing an authenticated attacker to read files outside the QKView directory. Note that software versions...
F5 F5OS Security Vulnerability
F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 appliances to support its Application Delivery Control and Security features. A security vulnerability exists in F5 F5OS that stems from an unassigned role remote user being incorrectly authorized when configuring LDAP...
F5 F5OS-A Log Information Disclosure Vulnerability
F5 F5OS-A is an operating system software from F5 Corporation. A log information disclosure vulnerability exists in F5 F5OS-A, which arises from the possibility that audit logs may contain sensitive, undisclosed information...