Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025050901050909 | Publication Time | 2025/05/09 13:17 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/05/09 13:17 |
| Impact Level | Low | ||
| [Subject] [Vulnerability Alert] Critical Security Vulnerability in F5 Operating System (CVE-2025-46265) |
|||
| [Content] Forwarded from TWCERTCC-200-202505-00000005 F5, a provider of multi-cloud application services and security, has announced a critical vulnerability (CVE-2025-46265, CVSS 3.x: 8.8). This vulnerability is caused by improper authorization in the F5 operating system (F5OS), which may allow a remote authenticated user to be assigned an F5OS role with elevated privileges. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] F5OS-A 1.x (vulnerable version: 1.5.1) F5OS-C 1.x (vulnerable versions: 1.6.0 to 1.6.2) |
|||
| [Recommended Actions] Update to one of the following patched versions: F5OS-A 1.8.0 F5OS-A 1.5.2 F5OS-C 1.8.0 |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10101-1e308-1.html |
|||