8.3

CVE-2025-43878

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions by using the system diagnostics tcpdump command utility on an F5OS-C/A system.



Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data provided by the National Vulnerability Database (NVD)
F5 F5os-a Version >= 1.5.1 < 1.8.0
   F5 R10600 Version -
   F5 R10800 Version -
   F5 R10900 Version -
   F5 R12600-ds Version -
   F5 R12800-ds Version -
   F5 R12900-ds Version -
   F5 R5600 Version -
   F5 R5800 Version -
   F5 R5900 Version -
   F5 Velos Cx1610 Version -
   F5 Velos Cx410 Version -
F5 F5os-c Version >= 1.6.0 <= 1.6.2
   F5 R10600 Version -
   F5 R10800 Version -
   F5 R10900 Version -
   F5 R12600-ds Version -
   F5 R12800-ds Version -
   F5 R12900-ds Version -
   F5 R5600 Version -
   F5 R5800 Version -
   F5 R5900 Version -
   F5 Velos Cx1610 Version -
   F5 Velos Cx410 Version -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.105

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
f5sirt@f5.com | 8.3 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
f5sirt@f5.com | 6 | 0.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

CWE-149 Improper Neutralization of Quoting Syntax

Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.