Shodan
Vulnerabilities
Vulnerable Software
F5:  >> F5os-A  >> 1.5.3  Security Vulnerabilities
CVE-2025-57780
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-15
CVE-2025-60015
An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.7
EPSS Score
0.0
Published
2025-10-15
CVE-2025-61955
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-15
CVE-2025-60013
When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.7
EPSS Score
0.0
Published
2025-10-15
CVE-2025-43878
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-05-07
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVSS Score
7.5
EPSS Score
0.147
Published
2021-11-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved