CVE-2025-46265
published 2025-05-07CVE-2025-46265: On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS…
high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | f5os | — | — |
| f5 | f5os-a | — | — |
| f5 | f5os-a | — | — |
| f5 | f5os-c | — | — |
| f5 | f5os-c | 1.6.0 – 1.6.2 | — |
| f5 | f5os_appliance | >= 1.5.1 < 1.5.2 | 1.5.2 |
| f5 | f5os_appliance | >= 1.7.0 < 1.8.0 | 1.8.0 |
| f5 | f5os_chassis | >= 1.6.0 < 1.8.0 | 1.8.0 |