CVE-2025-43878
Last modified
CVE-2025-43878 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | F5os-A | >= 1.5.1, < 1.8.0 |
| F5 | F5os-C | >= 1.6.0, <= 1.6.2 |
References
- https://my.f5.com/manage/s/article/K000139502Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-43878?
How severe is CVE-2025-43878?
How do I fix CVE-2025-43878?
Are you affected by CVE-2025-43878?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST