VDB

GCVE-110-NCSC-2025-319

GCVE-110-NCSC-2025-319
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published October 15, 2025
A highly-privileged attacker using passwords with special shell metacharacters can execute arbitrary system commands, causing the rSeries FIPS hardware security module to fail initialization and potentially cross security boundaries.

Weaknesses (CWE)

CWE-1284Improper Validation of Specified Quantity in InputCWE-674Uncontrolled RecursionCWE-476NULL Pointer DereferenceCWE-705Incorrect Control Flow ScopingCWE-401Missing Release of Memory after Effective LifetimeCWE-457Use of Uninitialized VariableCWE-770Allocation of Resources Without Limits or ThrottlingCWE-125Out-of-bounds ReadCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-415Double FreeCWE-252Unchecked Return ValueCWE-250Execution with Unnecessary PrivilegesCWE-404Improper Resource Shutdown or ReleaseCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-667Improper LockingCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-95Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')CWE-416Use After FreeCWE-459Incomplete CleanupCWE-672Operation on a Resource after Expiration or ReleaseCWE-787Out-of-bounds WriteCWE-824Access of Uninitialized PointerCWE-73External Control of File Name or PathCWE-425Direct Request ('Forced Browsing')CWE-146Improper Neutralization of Expression/Command DelimitersCWE-214Invocation of Process Using Visible Sensitive InformationCWE-340Generation of Predictable Numbers or IdentifiersCWE-703Improper Check or Handling of Exceptional Conditions

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
F5vers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›