CVE-2025-53860

Summary

A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5F5OS - Appliance1.8.0 < 1.8.3affected
F5F5OS - Appliance1.5.0 < 1.5.3affected

Weaknesses

  • CWE-214: CWE-214: Invocation of Process Using Visible Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References