Two privilege escalation vulnerabilities in F5OS



Risk: Medium
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2025-43878, CVE-2025-46265
CWE-ID: CWE-20, CWE-285
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: F5OS (Operating systems & Components / Operating system)
Vendor: F5 Networks

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU108767

Risk: Low

CVSSv4.0: 5.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43878

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. When the system is running in Appliance mode, an authenticated user holding the Administrator or Resource Administrator role can bypass Appliance mode restrictions by using the system diagnostics tcpdump command utility on an F5OS-A/C system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

F5OS: 1.5.0 - 1.6.2

External links

https://my.f5.com/manage/s/article/K000139502


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally, by an attacker who already holds valid credentials for an account with the Administrator or Resource Administrator role and has authenticated to the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper authorization

EUVDB-ID: #VU108766

Risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-46265

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper authorization. A remote user who authenticates through LDAP, RADIUS, or TACACS+ can obtain higher-privileged F5OS roles than they were granted.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

F5OS: 1.5.0 - 1.6.2

External links

https://my.f5.com/manage/s/article/K000139503


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited over the network by a remote user who has authenticated to F5OS through LDAP, RADIUS, or TACACS+; no local access and no Administrator-level privileges are required.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
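The following triage helper is an added example and is not code from the advisory or from F5. It answers the two questions an operator asks first when reading both entries above: does the installed F5OS version fall inside the published affected range (1.5.0 through 1.6.2, inclusive, for both CVEs), and which of the two issues is reachable over the network and with what privileges, derived from the CVSS v4.0 vectors copied from the entries. The version strings it is run against are constructed examples; the advisory does not name the fixed build, so a version outside the range is reported as "not in the published affected range" rather than as fixed.

```python
"""Triage helper for the two F5OS advisories above (added example, not
F5's or the advisory's own code)."""

import re

# Affected range published in both entries above: 1.5.0 .. 1.6.2 inclusive.
AFFECTED_RANGE = ((1, 5, 0), (1, 6, 2))

# CVSS v4.0 vectors copied verbatim from the two entries.
ADVISORIES = {
    "CVE-2025-43878": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear",
    "CVE-2025-46265": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from an F5OS version string.

    A trailing build suffix (constructed example: "1.6.2-1234") is ignored;
    anything that does not start with three dot-separated integers raises.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised F5OS version: %r" % text)
    return tuple(int(part) for part in m.groups())


def in_affected_range(version):
    """True when version lies inside the inclusive range published above."""
    low, high = AFFECTED_RANGE
    return low <= parse_version(version) <= high


def parse_cvss4(vector):
    """Split a CVSS v4.0 vector string into a metric -> value dict."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector: %r" % vector)
    metrics = {}
    for item in rest.split("/"):
        name, _, value = item.partition(":")
        if not name or not value:
            raise ValueError("malformed metric %r in %r" % (item, vector))
        metrics[name] = value
    return metrics


def reachability(vector):
    """Summarise attack vector, required privileges and user interaction.

    AV:N means the issue is reachable over the network; PR:H/L/N is the
    privilege level the attacker must already hold (high, low, none).
    """
    m = parse_cvss4(vector)
    return {
        "remote": m.get("AV") == "N",
        "privileges_required": {"N": "none", "L": "low", "H": "high"}.get(m.get("PR"), "unknown"),
        "user_interaction": "none" if m.get("UI") == "N" else "required",
    }


def triage(version):
    """Map each CVE above to whether it applies to `version` and how it is reached."""
    affected = in_affected_range(version)
    return {cve: dict(applies=affected, **reachability(vec)) for cve, vec in ADVISORIES.items()}


if __name__ == "__main__":
    for v in ("1.5.0", "1.6.2-1234", "1.7.0"):  # constructed example versions
        print(v, triage(v))
```

Running it as a script prints, for each constructed version, which CVE applies and whether it is network-reachable; CVE-2025-43878 comes back local with high privileges required, CVE-2025-46265 remote with low privileges required, which is exactly the distinction the two Q&A answers above draw.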


