
CVE-2025-43878: F5OS-A/C CLI vulnerability

6.0 CVSS

Description

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions by using the system diagnostics tcpdump command utility on an F5OS-C/A system.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Classification

CVE ID: CVE-2025-43878

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem Types

CWE-149: Improper Neutralization of Quoting Syntax

CWE-1286: Improper Validation of Syntactic Correctness of Input

Affected Products

Vendor: F5

Product: F5OS - Appliance, F5OS - Chassis

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.21% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-06-05 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43878
https://my.f5.com/manage/s/article/K000139502

Timeline