Home

Description

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

PUBLISHED Reserved 2025-04-23 | Published 2025-05-07 | Updated 2025-05-08 | Assigner f5




MEDIUM: 6.0CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

HIGH: 8.3CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-149: Improper Neutralization of Quoting Syntax

CWE-1286: Improper Validation of Syntactic Correctness of Input

Product status

Default status
unknown

1.5.1 (custom) before 1.8.0
affected

Default status
unknown

1.6.0 (custom) before 1.8.0
affected

Credits

F5 finder

References

my.f5.com/manage/s/article/K000139502 vendor-advisory

cve.org (CVE-2025-43878)

nvd.nist.gov (CVE-2025-43878)

Download JSON