CVE-2025-60013
published 2025-10-15CVE-2025-60013: When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary…
medium4.6CVSS 4.0
AVLACLATNPRHUINVCLVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | f5os-a | — | — |
| f5 | f5os-a | — | — |
| f5 | f5os-a | >= 1.5.1 < 1.5.4 | 1.5.4 |
| f5 | f5os_appliance | >= 1.5.0 < 1.5.4 | 1.5.4 |
| f5 | f5os_appliance | >= 1.8.0 < 1.8.3 | 1.8.3 |