What is the severity of F5-K000140574?

The severity of F5-K000140574 is classified as high due to the potential risk of unauthorized SSH access.

How do I fix F5-K000140574?

To fix F5-K000140574, disable SSH key-based authentication before enabling appliance mode on your F5OS system.

What products are affected by F5-K000140574?

F5-K000140574 affects F5OS-A versions 1.5.1 to 1.5.2 and F5OS-C versions 1.6.0 to 1.6.2.

What is the potential impact of F5-K000140574?

The potential impact of F5-K000140574 includes unauthorized access to the system if an attacker gains possession of the private SSH key.

Is there a workaround for F5-K000140574?

A recommended workaround for F5-K000140574 is to refrain from using SSH key-based authentication when appliance mode is enabled.

Vulnerability/
F5-K000140574

critical

7/5/2025

F5-K000140574

First published: Wed May 07 2025(Updated: )

On an F5OS system, if the root user configures the system to allow login using SSH key-based authentication and later enables appliance mode, the system still allows access using SSH key-based authentication. For an attacker to exploit this vulnerability they must obtain possession of a private key corresponding to a previously-configured entry in root's SSH authorized_keys file.

Affected Software	Affected Version	How to fix
F5 F5OS	>=1.5.1<=1.5.2	1.8.01.5.3
F5 F5OS	>=1.6.0<=1.6.2	1.8.0

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K000140574

Frequently Asked Questions

What is the severity of F5-K000140574?
The severity of F5-K000140574 is classified as high due to the potential risk of unauthorized SSH access.
How do I fix F5-K000140574?
To fix F5-K000140574, disable SSH key-based authentication before enabling appliance mode on your F5OS system.
What products are affected by F5-K000140574?
F5-K000140574 affects F5OS-A versions 1.5.1 to 1.5.2 and F5OS-C versions 1.6.0 to 1.6.2.
What is the potential impact of F5-K000140574?
The potential impact of F5-K000140574 includes unauthorized access to the system if an attacker gains possession of the private SSH key.
Is there a workaround for F5-K000140574?
A recommended workaround for F5-K000140574 is to refrain from using SSH key-based authentication when appliance mode is enabled.

collector/f5-advisory
source/F5
alias/CVE-2025-36546
agent/software-canonical-lookup
agent/severity
agent/references
agent/source
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/type
agent/description
agent/first-publish-date
agent/event
vendor/f5
canonical/f5 f5os
version/f5 f5os/1.5.1
version/f5 f5os/1.5.2
version/f5 f5os/1.6.0
version/f5 f5os/1.6.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of F5-K000140574?
The severity of F5-K000140574 is classified as high due to the potential risk of unauthorized SSH access.
How do I fix F5-K000140574?
To fix F5-K000140574, disable SSH key-based authentication before enabling appliance mode on your F5OS system.
What products are affected by F5-K000140574?
F5-K000140574 affects F5OS-A versions 1.5.1 to 1.5.2 and F5OS-C versions 1.6.0 to 1.6.2.
What is the potential impact of F5-K000140574?
The potential impact of F5-K000140574 includes unauthorized access to the system if an attacker gains possession of the private SSH key.
Is there a workaround for F5-K000140574?
A recommended workaround for F5-K000140574 is to refrain from using SSH key-based authentication when appliance mode is enabled.