SSH Key-Based Authentication Vulnerability in F5OS Systems
CVE-2025-36546

9.2CRITICAL

Key Information:

Vendor: F5
Status: F5os - Appliance; F5os - Chassis
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-36546?

On F5OS systems, enabling Appliance Mode does not disable SSH key-based authentication for root users who had previously configured it. This creates a pathway for attackers who can acquire the root user's SSH private key, potentially allowing unauthorized access to the system. As a result, systems may remain vulnerable even after security measures are enforced.

Affected Version(s)

F5OS - Appliance 1.7.0 < 1.8.0

F5OS - Appliance 1.5.1 < 1.5.3

F5OS - Chassis 1.6.0 < 1.8.0

References

https://my.f5.com/manage/s/article/K000140574

vendor-advisory

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
Apr 23, 2025

Credit

JSON