Skip to main content

F5Os A

10 CVEs product

Monthly

CVE-2025-46265 HIGH This Week

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-43878 HIGH This Week

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-36546 CRITICAL Act Now

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-24966 MEDIUM This Month

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23607 MEDIUM This Month

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-36494 MEDIUM This Month

Audit logs on F5OS-A may contain undisclosed sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure F5Os A
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-22657 HIGH This Week

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection F5Os A F5Os C
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41835 HIGH This Week

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation F5Os A F5Os C
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-41780 MEDIUM This Month

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-25990 MEDIUM This Month

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure F5Os A
NVD
CVSS 3.1
5.3
EPSS
0.7%
EPSS 0% CVSS 8.7
HIGH This Week

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
EPSS 0% CVSS 8.3
HIGH This Week

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
EPSS 0% CVSS 9.2
CRITICAL Act Now

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass F5Os A F5Os C
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Audit logs on F5OS-A may contain undisclosed sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure F5Os A
NVD
EPSS 0% CVSS 7.8
HIGH This Week

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection F5Os A F5Os C
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation F5Os A F5Os C
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure F5Os A
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy