VDB
CVE-2025-36546
CVE-2025-36546
PUBLISHED
CVSS 8.100000381469727 HIGH
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
EPSS 0.26% · 49.3th percentile
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.26%
49.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | F5OS - Chassis | 1.6.0 |
| f5 | f5os-a | 1.5.1 |
| F5 | F5OS - Appliance | 1.5.1, 1.7.0 |
| f5 | f5os-c | 1.6.0 |
Timeline
- May 7, 2025 CVE Published
- May 7, 2025 PoC Published
- May 8, 2025 EPSS Score
- May 8, 2025 PoC Published
- May 8, 2025 PoC Published
- May 9, 2025 PoC Published
- May 20, 2025 EPSS Score
- May 31, 2025 EPSS Score
- Jun 12, 2025 EPSS Score
- Jun 15, 2025 Coalition ESS Score
- Jun 23, 2025 EPSS Score
- Jul 5, 2025 EPSS Score
References
- https://my.f5.com/manage/s/article/K000140574 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-36546 advisory