CVE-2025-46265

Severity: 8.7 HIGH
EPSS: 0.4% (top 40.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 7; Latest update May 8

Description

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (4 packages)

CVEListV5  f5/f5os_-_chassis  1.6.0  1.8.0
CVEListV5  f5/f5os_-_appliance  1.7.0  1.8.0  +1
NVD  f5/f5os-c  1.6.0  1.6.2
NVD  f5/f5os-a  1.5.1

🔴 Vulnerability Details (2)

GHSA: GHSA-5r29-8gxx-9wp7: On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privi (2025-05-08)
CVEList: F5OS vulnerability (2025-05-07)

📋 Vendor Advisories (1)

F5: CVE-2025-46265: On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) ma... (2025-05-07)
CVE-2025-46265 (HIGH CVSS 8.7) | cvebase.io