CVE-2025-61955
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: F5 Networks
Description
Description
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.Β A successful exploit may allow the attacker to cross a security boundary.Β Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | f5os-a | From 1.5.1 (inc) to 1.5.4 (exc) |
| f5 | f5os-a | 1.8.0 |
| f5 | f5os-c | From 1.6.0 (inc) to 1.6.2 (inc) |
| f5 | f5os-c | From 1.8.0 (inc) to 1.8.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
