cvelistv5 - cve-2025-43878

CVE-2025-43878 (GCVE-0-2025-43878)

Vulnerability from cvelistv5 – Published: 2025-05-07 22:04 – Updated: 2025-05-08 13:00

Summary

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

8.3 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-149 - Improper Neutralization of Quoting Syntax
CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

References

URL

Tags

https://my.f5.com/manage/s/article/K000139502

vendor-advisory

Impacted products

Vendor

Product

Version

F5OS - Appliance

Affected: 1.5.1 , < 1.8.0 (custom)

F5OS - Chassis

Affected: 1.6.0 , < 1.8.0 (custom)

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T03:56:27.221854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T13:00:05.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "F5OS - Appliance",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "1.5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "F5OS - Chassis",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "1.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-05-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-149",
              "description": "CWE-149: Improper Neutralization of Quoting Syntax",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T22:04:08.402Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000139502"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "F5OS-A/C CLI vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-43878",
    "datePublished": "2025-05-07T22:04:08.402Z",
    "dateReserved": "2025-04-23T22:28:26.335Z",
    "dateUpdated": "2025-05-08T13:00:05.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-43878\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2025-05-07T22:15:20.867\",\"lastModified\":\"2025-11-07T16:54:44.003\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"Al ejecutarse en modo Dispositivo, un atacante autenticado con el rol de Administrador o Administrador de Recursos podr\u00eda eludir las restricciones del modo Dispositivo mediante la utilidad de diagn\u00f3stico del sistema tcpdump en un sistema F5OS-C/A. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-149\"},{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.1\",\"versionEndExcluding\":\"1.8.0\",\"matchCriteriaId\":\"C4745016-45DE-4276-8281-95A6CE81DC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndIncluding\":\"1.6.2\",\"matchCriteriaId\":\"CF2910A9-DD68-4E44-8805-3392DA88A297\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r10600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B494DEE-B373-4B3F-95C1-2E0997F32B6E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r10800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC625D5-C59F-4D20-BA92-0EC85DAB8AFA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r10900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4233544A-999C-42CD-9B61-E639AAA460B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r12600-ds:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6219686-1E3F-4CDE-9FC4-F73BD955673B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r12800-ds:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18BFB9A-11E7-4E9B-BF73-2A87EBE778BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r12900-ds:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E078C9F-98BC-42D4-9876-06952239EE17\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DA75BA-A4B7-46BD-887D-03CDFAF22791\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B4EBB6-BEEB-42DA-A146-10E401226BED\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:r5900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55433400-8996-44B8-94D7-81690145EF94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:velos_cx1610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8C75C91-81A8-455B-AF36-8DF24C0365FB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:f5:velos_cx410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"495302C5-8C7D-4D2C-985C-B18E26D8C7DC\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000139502\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43878\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T03:56:27.221854Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T12:59:53.438Z\"}}], \"cna\": {\"title\": \"F5OS-A/C CLI vulnerability\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"product\": \"F5OS - Appliance\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.5.1\", \"lessThan\": \"1.8.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"F5\", \"product\": \"F5OS - Chassis\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.6.0\", \"lessThan\": \"1.8.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-05-07T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000139502\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\\u00a0\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWhen running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\\n\\n\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-149\", \"description\": \"CWE-149: Improper Neutralization of Quoting Syntax\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1286\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2025-05-07T22:04:08.402Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-43878\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T13:00:05.372Z\", \"dateReserved\": \"2025-04-23T22:28:26.335Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2025-05-07T22:04:08.402Z\", \"assignerShortName\": \"f5\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-43878

Vulnerability from fkie_nvd - Published: 2025-05-07 22:15 - Updated: 2025-11-07 16:54

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	f5sirt@f5.com	https://my.f5.com/manage/s/article/K000139502	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	f5os-a	*
f5	f5os-c	*
f5	r10600	-
f5	r10800	-
f5	r10900	-
f5	r12600-ds	-
f5	r12800-ds	-
f5	r12900-ds	-
f5	r5600	-
f5	r5800	-
f5	r5900	-
f5	velos_cx1610	-
f5	velos_cx410	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4745016-45DE-4276-8281-95A6CE81DC46",
              "versionEndExcluding": "1.8.0",
              "versionStartIncluding": "1.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF2910A9-DD68-4E44-8805-3392DA88A297",
              "versionEndIncluding": "1.6.2",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:f5:r10600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B494DEE-B373-4B3F-95C1-2E0997F32B6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r10800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC625D5-C59F-4D20-BA92-0EC85DAB8AFA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r10900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4233544A-999C-42CD-9B61-E639AAA460B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r12600-ds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6219686-1E3F-4CDE-9FC4-F73BD955673B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r12800-ds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18BFB9A-11E7-4E9B-BF73-2A87EBE778BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r12900-ds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E078C9F-98BC-42D4-9876-06952239EE17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24DA75BA-A4B7-46BD-887D-03CDFAF22791",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B4EBB6-BEEB-42DA-A146-10E401226BED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:r5900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55433400-8996-44B8-94D7-81690145EF94",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:velos_cx1610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C75C91-81A8-455B-AF36-8DF24C0365FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:velos_cx410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "495302C5-8C7D-4D2C-985C-B18E26D8C7DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "Al ejecutarse en modo Dispositivo, un atacante autenticado con el rol de Administrador o Administrador de Recursos podr\u00eda eludir las restricciones del modo Dispositivo mediante la utilidad de diagn\u00f3stico del sistema tcpdump en un sistema F5OS-C/A. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
    }
  ],
  "id": "CVE-2025-43878",
  "lastModified": "2025-11-07T16:54:44.003",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-07T22:15:20.867",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000139502"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-149"
        },
        {
          "lang": "en",
          "value": "CWE-1286"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Primary"
    }
  ]
}

GHSA-JV2X-VG3F-2535

Vulnerability from github – Published: 2025-05-08 00:31 – Updated: 2025-05-08 00:31

Details

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

6.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

8.3 (High)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-43878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-149"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T22:15:20Z",
    "severity": "HIGH"
  },
  "details": "When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.\u00a0\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-jv2x-vg3f-2535",
  "modified": "2025-05-08T00:31:12Z",
  "published": "2025-05-08T00:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43878"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000139502"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2025-AVI-0382

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	BIG-IP Next	BIG-IP Next CNF versions 2.x antérieures à 2.0.0
F5	BIG-IP Next	BIG-IP Next versions 20.x antérieures à 20.3.0
F5	BIG-IP	BIG-IP versions 15.x
F5	BIG-IP Next	BIG-IP Next CNF versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 2.x antérieures à 2.0.0
F5	BIG-IP	BIG-IP versions 16.x antérieures à 16.1.6
F5	BIG-IP	BIG-IP versions 17.x antérieures à 17.1.2.2

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000150668	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140937	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140919	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140968	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000137709	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000151008	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000150598	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000139571	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000148591	2025-05-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next versions 20.x ant\u00e9rieures \u00e0 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.x",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.x ant\u00e9rieures \u00e0 17.1.2.2\t",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-41431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41431"
    },
    {
      "name": "CVE-2025-41399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41399"
    },
    {
      "name": "CVE-2025-41433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41433"
    },
    {
      "name": "CVE-2025-35995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-35995"
    },
    {
      "name": "CVE-2025-36557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36557"
    },
    {
      "name": "CVE-2025-31644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31644"
    },
    {
      "name": "CVE-2025-43878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43878"
    },
    {
      "name": "CVE-2025-36525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36525"
    },
    {
      "name": "CVE-2025-41414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41414"
    },
    {
      "name": "CVE-2025-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36504"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0382",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150668",
      "url": "https://my.f5.com/manage/s/article/K000150668"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140937",
      "url": "https://my.f5.com/manage/s/article/K000140937"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140919",
      "url": "https://my.f5.com/manage/s/article/K000140919"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140968",
      "url": "https://my.f5.com/manage/s/article/K000140968"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000137709",
      "url": "https://my.f5.com/manage/s/article/K000137709"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000151008",
      "url": "https://my.f5.com/manage/s/article/K000151008"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150598",
      "url": "https://my.f5.com/manage/s/article/K000150598"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000139571",
      "url": "https://my.f5.com/manage/s/article/K000139571"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000148591",
      "url": "https://my.f5.com/manage/s/article/K000148591"
    }
  ]
}

CERTFR-2025-AVI-0382

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	BIG-IP Next	BIG-IP Next CNF versions 2.x antérieures à 2.0.0
F5	BIG-IP Next	BIG-IP Next versions 20.x antérieures à 20.3.0
F5	BIG-IP	BIG-IP versions 15.x
F5	BIG-IP Next	BIG-IP Next CNF versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 2.x antérieures à 2.0.0
F5	BIG-IP	BIG-IP versions 16.x antérieures à 16.1.6
F5	BIG-IP	BIG-IP versions 17.x antérieures à 17.1.2.2

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000150668	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140937	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140919	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140968	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000137709	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000151008	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000150598	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000139571	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000148591	2025-05-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next versions 20.x ant\u00e9rieures \u00e0 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.x",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.x ant\u00e9rieures \u00e0 17.1.2.2\t",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-41431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41431"
    },
    {
      "name": "CVE-2025-41399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41399"
    },
    {
      "name": "CVE-2025-41433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41433"
    },
    {
      "name": "CVE-2025-35995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-35995"
    },
    {
      "name": "CVE-2025-36557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36557"
    },
    {
      "name": "CVE-2025-31644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31644"
    },
    {
      "name": "CVE-2025-43878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43878"
    },
    {
      "name": "CVE-2025-36525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36525"
    },
    {
      "name": "CVE-2025-41414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41414"
    },
    {
      "name": "CVE-2025-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36504"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0382",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150668",
      "url": "https://my.f5.com/manage/s/article/K000150668"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140937",
      "url": "https://my.f5.com/manage/s/article/K000140937"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140919",
      "url": "https://my.f5.com/manage/s/article/K000140919"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140968",
      "url": "https://my.f5.com/manage/s/article/K000140968"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000137709",
      "url": "https://my.f5.com/manage/s/article/K000137709"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000151008",
      "url": "https://my.f5.com/manage/s/article/K000151008"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150598",
      "url": "https://my.f5.com/manage/s/article/K000150598"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000139571",
      "url": "https://my.f5.com/manage/s/article/K000139571"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000148591",
      "url": "https://my.f5.com/manage/s/article/K000148591"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-43878 (GCVE-0-2025-43878)

FKIE_CVE-2025-43878

GHSA-JV2X-VG3F-2535

CERTFR-2025-AVI-0382

Solutions

CERTFR-2025-AVI-0382

Solutions

Tags

Sightings

Nomenclature