CVE-2025-61955
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: F5 Networks
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | f5os-a | From 1.5.1 (inclusive) to 1.5.4 (exclusive) |
| f5 | f5os-a | 1.8.0 |
| f5 | f5os-c | From 1.6.0 (inclusive) to 1.6.2 (inclusive) |
| f5 | f5os-c | From 1.8.0 (inclusive) to 1.8.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in F5OS-A and F5OS-C systems and allows an authenticated attacker with local access to escalate their privileges. This means that someone who already has some level of access to the system could exploit this flaw to gain higher-level permissions, potentially crossing security boundaries within the system.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with local authenticated access could escalate their privileges, potentially gaining control over more sensitive parts of the system. This could lead to unauthorized actions, data exposure, or disruption of services within the affected F5OS systems.