What is the severity of CVE-2025-43878?

CVE-2025-43878 is considered a high severity vulnerability due to the potential for administrative privilege escalation.

How do I fix CVE-2025-43878?

To mitigate CVE-2025-43878, upgrade to F5OS-A version 1.8.0 or later for affected F5OS-A systems, and F5OS-C version 1.8.0 or later for affected F5OS-C systems.

Who is impacted by CVE-2025-43878?

CVE-2025-43878 impacts systems running F5OS-A and F5OS-C versions 1.5.1 to 1.5.3 and 1.6.0 to 1.6.2 respectively.

What actions can an attacker take with CVE-2025-43878?

An authenticated attacker assigned the Administrator role can utilize the tcpdump command to bypass Appliance mode restrictions.

Is CVE-2025-43878 remotely exploitable?

CVE-2025-43878 is not remotely exploitable as it requires authentication and specific role assignments to exploit.

Vulnerability/
CVE-2025-43878

high

8.3

CWE

149 1286

EPSS

0.030%

7/5/2025

8/5/2025

CVE-2025-43878: F5OS-A/C CLI vulnerability

First published: Wed May 07 2025(Updated: )

When running in appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-A/C system.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 F5OS	>=1.5.1<=1.5.3	1.8.0
F5 F5OS	>=1.6.0<=1.6.2	1.8.0

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K000139502

Frequently Asked Questions

What is the severity of CVE-2025-43878?
CVE-2025-43878 is considered a high severity vulnerability due to the potential for administrative privilege escalation.
How do I fix CVE-2025-43878?
To mitigate CVE-2025-43878, upgrade to F5OS-A version 1.8.0 or later for affected F5OS-A systems, and F5OS-C version 1.8.0 or later for affected F5OS-C systems.
Who is impacted by CVE-2025-43878?
CVE-2025-43878 impacts systems running F5OS-A and F5OS-C versions 1.5.1 to 1.5.3 and 1.6.0 to 1.6.2 respectively.
What actions can an attacker take with CVE-2025-43878?
An authenticated attacker assigned the Administrator role can utilize the tcpdump command to bypass Appliance mode restrictions.
Is CVE-2025-43878 remotely exploitable?
CVE-2025-43878 is not remotely exploitable as it requires authentication and specific role assignments to exploit.

agent/references
agent/first-publish-date
collector/f5-advisory
source/F5
alias/CVE-2025-43878
agent/software-canonical-lookup
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/type
agent/description
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/f5
canonical/f5 f5os
version/f5 f5os/1.5.1
version/f5 f5os/1.5.3
version/f5 f5os/1.6.0
version/f5 f5os/1.6.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.