CVE-2025-43878
MEDIUMDescription
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | f5os-a |
| f5 | f5os-c |
| f5 | r10600 |
| f5 | r10800 |
| f5 | r10900 |
| f5 | r12600-ds |
| f5 | r12800-ds |
| f5 | r12900-ds |
| f5 | r5600 |
| f5 | r5800 |
| f5 | r5900 |
| f5 | velos_cx1610 |
| f5 | velos_cx410 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-43878? +
How severe is CVE-2025-43878? +
What products are affected by CVE-2025-43878? +
How do I check if I'm vulnerable to CVE-2025-43878? +
Related Vulnerabilities
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas …
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. …
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to …
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code …
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their …
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker …