CVE-2025-36546
Published 2025-05-07
Critical, 9.2 (CVSS 4.0)
AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode, access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability, they must obtain the root user's SSH private key.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | f5os | — | — |
| f5 | f5os-a | — | — |
| f5 | f5os-a | >= 1.5.1 < 1.5.3 | 1.5.3 |
| f5 | f5os-c | — | — |
| f5 | f5os-c | 1.6.0 – 1.6.2 | — |
| f5 | f5os_appliance | >= 1.5.1 < 1.5.3 | 1.5.3 |
| f5 | f5os_appliance | >= 1.7.0 < 1.8.0 | 1.8.0 |
| f5 | f5os_chassis | >= 1.6.0 < 1.8.0 | 1.8.0 |