CVE-2025-61955

EPSS 0.05%
Veröffentlicht 15.10.2025 13:55:53
Zuletzt bearbeitet 21.10.2025 20:35:08
Quelle f5sirt@f5.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ F5os-a Version >= 1.5.1 < 1.5.4

F5 ≫ F5os-a Version1.8.0

F5 ≫ F5os-c Version >= 1.6.0 <= 1.6.2

F5 ≫ F5os-c Version >= 1.8.0 < 1.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.141

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f5sirt@f5.com	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
f5sirt@f5.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://my.f5.com/manage/s/article/K000156771

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-61955

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61955

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61955

EUVD