When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
History

Wed, 15 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Oct 2025 14:00:00 +0000

Type Values Removed Values Added
Description When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title F5OS-A FIPS HSM password vulnerability
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L'}

cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-10-16T03:56:42.914Z

Reserved: 2025-10-03T23:04:38.031Z

Link: CVE-2025-60013

cve-icon Vulnrichment

Updated: 2025-10-15T15:34:44.001Z

cve-icon NVD

Status : Received

Published: 2025-10-15T14:15:55.993

Modified: 2025-10-15T14:15:55.993

Link: CVE-2025-60013

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.