CVE-2025-46265

Published May 7, 2025

Last updated 5 months ago

CVSS high 8.7

Overview

Description
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source
f5sirt@f5.com
NVD status
Analyzed
Products
f5os-a, f5os-c

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

f5sirt@f5.com
CWE-863

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades identificadas en productos de F5 ❗CVE-2025-46265 ❗CVE-2025-31644 ❗CVE-2025-36546 ➡️Más info: https://t.co/qE4ixwva7b https://t.co/TgbB3oAUuw

    @CERTpy

    12 May 2025

    217 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-46265: HIGH] Critical vulnerability found on F5OS allowing authenticated users to gain higher privileges. Ensure software is up to date to mitigate this risk. #cybersecurity#cve,CVE-2025-46265,#cybersecurity https://t.co/axx5ppOhCq https://t.co/345A9SG4Gi

    @CveFindCom

    9 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-46265 🔴 HIGH (8.8) 🏢 F5 - F5OS - Appliance 🏗️ 1.7.0 🔗 https://t.co/cQFcgkZX68 #CyberCron #VulnAlert #InfoSec https://t.co/rAhEPpMyyS

    @cybercronai

    8 May 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2025-57780
  2. A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2025-53860
  3. A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2025-61955
  4. An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2025-60015
  5. When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2025-60013

References

Sources include official advisories and independent security research.