14823 matches found

CVE
added 2025/05/07 10:4 p.m. · 80 views

CVE-2025-36546

CVE-2025-36546 affects F5OS (Appliance mode) where SSH key-based login remains allowed for the root user even after Appliance Mode is enabled, enabling potential unauthorized access if an attacker possesses the root SSH private key. The F5 advisories/Red Hat/NCSC entries describe the issue as a ...

CVSS 9.2 · AI score 8.2 · EPSS 0.00372
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2025/05/07 10:4 p.m. · 15 views

CVE-2025-36546 F5OS Appliance Mode vulnerability

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...

CVSS 9.2 · EPSS 0.00372
Exploits 0 · References 1

Vulnrichment
added 2025/05/07 10:4 p.m. · 7 views

CVE-2025-36546 F5OS Appliance Mode vulnerability

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...

CVSS 9.2 · AI score 8.2 · EPSS 0.00372
Exploits 0 · References 1

Rockylinux
added 2025/05/07 7:11 p.m. · 4 views

openssh bug fix update

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

AI score 7.4
Exploits 0

OSV
added 2025/05/07 6:15 p.m. · 13 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 · AI score 7.3
Exploits 0 · References 8

NVD
added 2025/05/07 6:15 p.m. · 14 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 · EPSS 0.00577
Exploits 0 · References 8

F5 Networks
added 2025/05/07 1:12 p.m. · 9 views

K000140574: F5OS Appliance Mode vulnerability CVE-2025-36546

Security Advisory Description: On an F5OS system, if the root user configures the system to allow login using SSH key-based authentication and later enables appliance mode, the system still allows access using SSH key-based authentication. For an attacker to exploit this vulnerability they must...

CVSS 9.2 · AI score 7.1 · EPSS 0.00372
Exploits 0 · Affected Software 2

RedHat Linux
added 2025/05/07 12:48 p.m. · 3 views

python-asyncssh: Rogue Session Attack

A flaw was found in python-asyncssh before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...

CVSS 6.8 · AI score 5.8 · EPSS 0.00867
Exploits 0 · References 5

Vulnrichment
added 2025/05/07 12:0 a.m. · 6 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 · AI score 5.2 · EPSS 0.00577
Exploits 0 · References 2

CVE
added 2025/05/07 12:0 a.m. · 122 views

CVE-2025-47203

CVE-2025-47203 affects the Dropbear SSH package’s dbclient before version 2025.88. The vulnerability arises because a shell is used when processing the hostname argument, allowing an attacker to craft an untrusted hostname that can trigger command execution. Impact is described as arbitrary comma...

CVSS 4.5 · AI score 5.1 · EPSS 0.00577
Exploits 0 · References 8

Cvelist
added 2025/05/07 12:0 a.m. · 25 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 · EPSS 0.00577
Exploits 0 · References 2

Debian CVE
added 2025/05/07 12:0 a.m. · 6 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 · AI score 4.9 · EPSS 0.00577
Exploits 0

Positive Technologies
added 2025/05/07 12:0 a.m. · 2 views

PT-2025-20304 · F5 · F5Os

Name of the Vulnerable Software and Affected Versions: F5OS (affected versions not specified)
Description: The issue allows access via SSH key-based authentication even after Appliance Mode is enabled, if the root user had previously configured the system to allow such login. An attacker would need...

CVSS 9.2 · AI score 8 · EPSS 0.00372
Exploits 0 · References 5

OpenVAS
added 2025/05/07 12:0 a.m. · 4 views

Configure Proper MACs Algorithms for the SSH Service

In cryptography, a message authentication code (MAC) is an authentication mechanism used by communication entities to check message integrity. If the configured algorithms are insecure, security risks increase because weak algorithms have been or are about to be cracked in the industry. The...

AI score 7.4
Exploits 0 · References 4

OpenVAS
added 2025/05/07 12:0 a.m. · 7 views

Do Not Preset known_hosts for the SSH Service

known_hosts stores the public keys of the computers that the host has accessed. After a user successfully logs in to another computer, the public key information is automatically saved in $HOME/.ssh/known_hosts. When the same computer is accessed next time, its public key is verified. If the...

AI score 6.7
Exploits 0 · References 3

OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Configure a Proper SSH Service Authentication Mode

A proper authentication mode helps ensure user and system data security. Typically, the user/password authentication mode is suitable for human-machine users. In non-interactive login scenarios, the public and private keys are suitable for authentication. In high-risk scenarios, only the public a...

AI score 7.3
Exploits 0 · References 3

OpenVAS
added 2025/05/07 12:0 a.m. · 3 views

Bind Network Interfaces to the Correct Zones

Different filtering policies can be configured for different firewall zones. If the server network is complex and has multiple interfaces that provide different service functions, it is recommended that interfaces be configured in different zones and different firewall policies be configured. For...

AI score 6.8
Exploits 0 · References 2

OpenVAS
added 2025/05/07 12:0 a.m. · 1 views

Disable PermitUserEnvironment

PermitUserEnvironment allows users to set SSH environment variables, which may be exploited by attackers to launch attacks. If PermitUserEnvironment is set to yes, attackers can modify SSH environment variables to evade the security mechanism or execute attack code. This configuration must be...

AI score 7
Exploits 0 · References 3

OpenVAS
added 2025/05/07 12:0 a.m. · 5 views

Configure Proper Cryptographic Algorithms for the SSH Service

As cryptographic technologies develop and computing capabilities improve, some cryptographic algorithms are no longer suitable for today...

AI score 7
Exploits 0 · References 4

OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Do Not Use X11 Forwarding

The X11 forwarding function of SSH allows the GUI program of the remote host to be executed on the local host. If the X11 forwarding function is enabled, the attack surface is expanded and other users on the X11 server may attack the local host. If the function is not required in the service...

AI score 6.7
Exploits 0 · References 3