
CVE-2025-46265 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2025-46265
07 May 2025 — On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139503 • CWE-863: Incorrect Authorization •

CVE-2025-43878 – F5OS-A/C CLI vulnerability
https://notcve.org/view.php?id=CVE-2025-43878
07 May 2025 — When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions using the system diagnostics tcpdump command utility on an F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139502 • CWE-149: Improper Neutralization of Quoting Syntax • CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVE-2025-36546 – F5OS Appliance Mode vulnerability
https://notcve.org/view.php?id=CVE-2025-36546
07 May 2025 — On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140574 • CWE-863: Incorrect Authorization •

CVE-2024-24966 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2024-24966
14 Feb 2024 — When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133111 • CWE-863: Incorrect Authorization •

CVE-2024-23607 – F5OS QKView utility vulnerability
https://notcve.org/view.php?id=CVE-2024-23607
14 Feb 2024 — A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132800 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-36494 – F5OS-A vulnerability
https://notcve.org/view.php?id=CVE-2023-36494
02 Aug 2023 — Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000134922 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2023-22657 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22657
01 Feb 2023 — On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K06345931 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-41835 – F5OS vulnerability CVE-2022-41835
https://notcve.org/view.php?id=CVE-2022-41835
19 Oct 2022 — In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. • https://support.f5.com/csp/article/K33484483 • CWE-269: Improper Privilege Management •

CVE-2022-41780 – F5OS CLI vulnerability CVE-2022-41780
https://notcve.org/view.php?id=CVE-2022-41780
19 Oct 2022 — In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. • https://support.f5.com/csp/article/K81701735 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2022-25990
https://notcve.org/view.php?id=CVE-2022-25990
05 May 2022 — On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K44233515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •