CVE-2025-43878

HIGH EPSS 4.2%

Published May 7, 20251y ago · Modified Jun 17, 20261w ago

8.3 CVSS 4.0

High

Published May 7, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Details

Base Score

8.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

4.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-1286

CWE-149

Affected Products 13

Vendor	Product	Version	Range
f5	f5os-a	*	≥1.5.1 – <1.8.0
f5	f5os-c	*	≥1.6.0 – ≤1.6.2
f5	r10600	*	any
f5	r10800	*	any
f5	r10900	*	any
f5	r12600-ds	*	any
f5	r12800-ds	*	any
f5	r12900-ds	*	any
f5	r5600	*	any
f5	r5800	*	any
f5	r5900	*	any
f5	velos_cx1610	*	any
f5	velos_cx410	*	any

References 1

my.f5.com https://my.f5.com/manage/s/article/K000139502

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.