FIPS Module Initialization Issue in F5 Networks Product
CVE-2025-60013

4.6MEDIUM

Key Information:

Vendor: F5
Status: F5os - Appliance
Vendor: CVE Published:; 15 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-60013?

This vulnerability affects the rSeries FIPS module in F5 Networks products. Users may experience issues during the initialization process when attempting to utilize passwords that include special shell metacharacters. Such inputs can lead to a failure in properly initializing the FIPS hardware security module (HSM), impacting the overall security and functionality of the product. It is important to note that software versions that have reached End of Technical Support (EoTS) are not subjected to evaluation for this vulnerability.

Affected Version(s)

F5OS - Appliance 1.8.0 < 1.8.3

F5OS - Appliance 1.5.0 < 1.5.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Scalar-Venom-Attack
Created by demining

References

https://my.f5.com/manage/s/article/K000154661

vendor-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 17, 2025
👾
Exploit known to exist
Nov 17, 2025
Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 3, 2025

Credit

JSON