FIPS Module Initialization Issue in F5 Networks Product
CVE-2025-60013

4.6MEDIUM

Key Information:

Vendor: F5
Status: F5os - Appliance
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-60013?

This vulnerability affects the rSeries FIPS module in F5 Networks products. Users may experience issues during the initialization process when attempting to utilize passwords that include special shell metacharacters. Such inputs can lead to a failure in properly initializing the FIPS hardware security module (HSM), impacting the overall security and functionality of the product. It is important to note that software versions that have reached End of Technical Support (EoTS) are not subjected to evaluation for this vulnerability.

Affected Version(s)

F5OS - Appliance 1.8.0 < 1.8.3

F5OS - Appliance 1.5.0 < 1.5.4

References

https://my.f5.com/manage/s/article/K000154661

vendor-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 3, 2025

Credit

JSON