Primary

Context

F5OS Improper Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

An improper authorization vulnerability has been identified in F5OS, where remotely authenticated users via LDAP, RADIUS, or TACACS+ can be granted higher privilege roles than intended. This vulnerability affects F5OS versions 1.5.1, as well as 1.6.0 through 1.6.2.

Impact

Exploitation of this vulnerability may lead to a remote, authenticated user being granted elevated privileges, such as the F5OS admin role.

Remediation

Users can upgrade to F5OS version 1.8.0 or 1.5.2 to address this vulnerability. For F5OS-C, the engineering hotfix is available for download from the MyF5 Downloads page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5OS Improper Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

F5OS-A

F5OS-C

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating