Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Privilege Escalation in F5OS-A and F5OS-C

IdentifiersCVE-2025-57780CWE-269

CVE-2025-57780 is a privilege escalation vulnerability affecting F5OS-A and F5OS-C systems. According to the provided content, the flaw may allow an authenticated attacker with local access to escalate privileges and cross a security boundary, with higher severity when the system is operating in appliance mode. F5 advisory K000156771 describes it as a control-plane issue and notes that it does not affect the data plane. The specific vulnerable function or root cause is not provided in the supplied material.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation may allow an authenticated local attacker to gain elevated privileges on the affected F5OS system and cross a security boundary. In appliance mode, this has increased severity because appliance-mode restrictions are intended to constrain access. The issue affects the control plane and could undermine administrative isolation on F5 rSeries or VELOS environments running vulnerable F5OS-A or F5OS-C versions.

Mitigation

If you can’t patch tonight, do this now.

The provided advisory states there is no viable mitigation that allows continued user access. The only mitigation is to remove access for users who are not completely trusted until the system can be upgraded.

Remediation

Patch, then assume compromise.

Upgrade to a fixed version listed by F5 in advisory K000156771. Based on the provided content, fixed versions include F5OS-A 1.8.3 or later and F5OS-C 1.8.2 or later; if the deployed branch does not contain a fix, upgrade to a branch that does. The content also references affected ranges including F5OS-A 1.5.1 through 1.5.3 and F5OS-C 1.8.0 through 1.8.1 and 1.6.0 through 1.6.2, with subsequent fixed releases noted in the advisory tables. End-of-Technical-Support versions were not evaluated.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
F5F5os-Aoperating_system
F5F5os-Coperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
fortinet threat signalNews
Oct 17, 2025
F5 Data Breach Attack

A vulnerability in F5 BIG-IP products, details undisclosed, but considered critical due to the exposure of source code and risk of exploit acceleration.

Read more
palo alto networks unit 42 blogNews
Oct 16, 2025
Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities

An F5OS vulnerability (appliance mode) posing a critical threat to F5OS systems (CVSS up to 8.8).

Read more
labs beazley securityNews
Oct 15, 2025
F5 Source Code, Engineering Documentation and undisclosed vulnerabilities stolen by Nation State Threat Actors

An F5OS-A/C privilege escalation vulnerability allowing an authenticated attacker to escalate privileges.

Read more
zeropath blogNews
Oct 15, 2025
F5OS-A and F5OS-C Privilege Escalation (CVE-2025-61955): Brief Summary and Technical Review - ZeroPath Blog | ZeroPath

An F5 vulnerability referenced as one of several 2025 privilege escalation and Appliance mode bypass issues, but not described in detail in the content.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-57780
NVD
nvd.nist.gov/vuln/detail/CVE-2025-57780
MITRE CWE · CWE-269
cwe.mitre.org
Vendor Advisory
my.f5.com/manage/s/article/K000156771