Which versions of F5Os A are affected by CVE-2025-43878?

CVE-2025-43878 presents notable security risk rated CVSS 8.3. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

How to fix or mitigate CVE-2025-43878?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

F5Os A CVE-2025-43878

Q: What is the CVSS score of CVE-2025-43878?

CVE-2025-43878 has a CVSS 4.0 base score of 8.3 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Improper Neutralization of Quoting Syntax (CWE-149)

2025-05-07 f5sirt@f5.com

Authentication Bypass F5Os A F5Os C

8.3

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:40 vuln.today

CVE Published

May 07, 2025 - 22:15 nvd

HIGH 8.3

DescriptionNVD

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

Technical ContextAI

This vulnerability is classified under CWE-149. When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected products include: F5 F5Os-A, F5 F5Os-C.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-43878 vulnerability details – vuln.today

Back

F5Os A CVE-2025-43878

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

F5Os A CVE-2025-43878

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code