CVE-2025-36546 – F5OS SSH Key-Based Authentication Privilege Escalation

May 7, 2025

CVE ID : CVE-2025-36546

Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago

Description : On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user’s SSH private key.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41414 – F5 BIG-IP HTTP/2 Profile Denial of Service

Next Article CVE-2025-36525 – BIG-IP APM PingAccess Profile Request Termination Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-36546 – F5OS SSH Key-Based Authentication Privilege Escalation

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4507 – Campcodes Online Food Ordering System SQL Injection Vulnerability

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

“We want our Xbox hardware to win,” Xbox CEO Phil Spencer talks moving games to PlayStation, and the future of Xbox consoles

A framework for solving parabolic partial differential equations

Why NHIs Are Security’s Most Dangerous Blind Spot

Fine tune a generative AI application for Amazon Bedrock using Amazon SageMaker Pipeline decorators

Looking for beta readers

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

Megalodon: A Deep Learning Architecture for Efficient Sequence Modeling with Unlimited Context Length

CVE-2025-36546 – F5OS SSH Key-Based Authentication Privilege Escalation

Related Posts