CVE Alert: CVE-2025-57780 - F5 - F5OS - Appliance

CVE-2025-57780

HIGHNo exploitation known

A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 (8.8)

AV LOCAL · AC LOW · PR LOW · UI NONE · S CHANGED

Vendor

F5, F5

Product

F5OS – Appliance, F5OS – Chassis

Versions

1.8.0 lt 1.8.3 | 1.5.0 lt 1.5.4 | 1.8.0 lt 1.8.2 | 1.6.0 lt 1.6.4

CWE

CWE-250, CWE-250

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Published

2025-10-15T15:19:50.430Z

Updated

2025-10-16T03:56:23.881Z

References

https://my.f5.com/manage/s/article/K000156771

AI Summary Analysis

Risk verdict

High risk due to local, authenticated privilege escalation capable of crossing security boundaries; no active exploitation is indicated at present.

Why this matters

An attacker with local access can elevate privileges to system-wide control, undermining confidentiality, integrity and availability. In practical terms, a compromised maintenance or on-site operator session could lead to administrator-level changes, deployment disruption or exposure of sensitive data across affected appliances.

Most likely attack path

Exploitation is feasible with local access and low privileges required, and no user interaction needed. An attacker who already has foothold on the device can escalate to administrator rights, potentially affecting the entire system scope. Lateral movement is contingent on local access channels rather than remote exploitation, increasing risk for on-site support and maintenance scenarios.

Who is most exposed

Deployments of F5OS-A and F5OS-C in on-prem data centres or edge/branch sites with maintenance consoles are most at risk; devices that are in End of Technical Support or not in active patch cycles are particularly sensitive.

Detection ideas

Unauthorised elevation of privileges or new admin accounts
Sudden changes to local policy,sudoers, or security boundaries
Unusual or new privileged processes, kernel or system calls
Suspicious modification of access logs for maintenance windows
Anomalous console or SSH activity from maintenance stations

Mitigation and prioritisation

Patch to latest supported release; verify vendor guidance and lifecycle status
Enforce strict local-access controls; disable unused management interfaces
Apply MFA and strict role-based access for maintenance consoles
Implement network segmentation and monitoring around management paths
If KEV is present or EPSS ≥ 0.5, treat as priority 1; otherwise prioritise as High and schedule in the next patch cycle
Document change-management steps and test in a staging environment before production rollout

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: CVE, cve-2025-57780, f5, f5os-appliance, f5os-chassis, OSINT, threatintel