This page lists publicly disclosed CVE vulnerabilities affecting f5 f5os-c (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-57780 | A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.02% | 2025-10-15 | 2025-10-21 |
| CVE-2025-61955 | A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.03% | 2025-10-15 | 2025-10-21 |
| CVE-2025-60015 | An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.9 | 0.03% | 2025-10-15 | 2025-10-22 |
| CVE-2025-59778 | When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 7.7 | 0.07% | 2025-10-15 | 2025-10-22 |
| CVE-2025-47150 | When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 7.1 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-46265 | On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.38% | 2025-05-07 | 2025-10-21 |
| CVE-2025-43878 | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing the system diagnostics tcpdump command utility on an F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.3 | 0.14% | 2025-05-07 | 2025-11-07 |
| CVE-2025-36546 | On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode, access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 9.2 | 0.26% | 2025-05-07 | 2025-10-21 |
| CVE-2024-24966 | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.2 | 0.26% | 2024-02-14 | 2025-01-24 |
| CVE-2024-23607 | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 5.5 | 0.17% | 2024-02-14 | 2025-01-24 |
| CVE-2023-22657 | On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 7.0 | 0.32% | 2023-02-01 | 2024-11-21 |
| CVE-2022-41835 | In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. | [email protected] | 7.3 | 0.12% | 2022-10-19 | 2024-11-21 |
| CVE-2022-41780 | In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. | [email protected] | 5.5 | 0.12% | 2022-10-19 | 2024-11-21 |
| CVE-2002-20001 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must cla | [email protected] | 7.5 | 18.72% | 2021-11-11 | 2025-08-22 |