
f5 f5os a

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-57780
>= 1.5.1 and < 1.5.4
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their pr
8.8 HIGH
CVE-2025-53860
>= 1.5.1 and < 1.5.3
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware
4.1 MEDIUM
CVE-2025-61955
>= 1.5.1 and < 1.5.4
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their p
8.8 HIGH
CVE-2025-60015
>= 1.5.1 and < 1.5.4
An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versi
5.7 MEDIUM
CVE-2025-60013
>= 1.5.1 and < 1.5.4
When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shel
4.6 MEDIUM
CVE-2025-47150
>= 1.5.1 and < 1.5.3
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource
6.5 MEDIUM
CVE-2025-46265
all versions
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authoriz
8.8 HIGH
CVE-2025-43878
>= 1.5.1 and < 1.8.0
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to
6.0 MEDIUM
CVE-2025-36546
>= 1.5.1 and < 1.5.3
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then
8.1 HIGH
CVE-2024-24966
all versions
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. No
6.2 MEDIUM
CVE-2024-23607
>= 1.3.0 and < 1.4.0
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside
5.5 MEDIUM
CVE-2023-36494
all versions
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical
4.4 MEDIUM
CVE-2023-22657
>= 1.2.0 and < 1.3.0
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant
7.0 HIGH
CVE-2022-41835
>= 1.0.0 and < 1.1.0
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated
7.3 HIGH
CVE-2022-41780
>= 1.0.0 and < 1.1.0
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclos
5.5 MEDIUM
CVE-2022-25990
all versions
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software ver
5.3 MEDIUM
CVE-2002-20001
>= 1.3.0 and <= 1.3.2
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actual
7.5 HIGH