CVE-2025-53860
📋 TL;DR
This vulnerability allows authenticated attackers with high privileges to access sensitive FIPS HSM information on F5 rSeries systems running F5OS-A software. Only systems with supported software versions are affected, as end-of-support versions are not evaluated. The impact is limited to information disclosure of cryptographic module data.
💻 Affected Systems
- F5 rSeries systems running F5OS-A software
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract cryptographic keys or sensitive security module information, potentially compromising encryption integrity or enabling further attacks on protected systems.
Likely Case
Privileged insiders or compromised admin accounts could access HSM configuration details and status information, but not necessarily extract cryptographic keys.
If Mitigated
With proper access controls and monitoring, impact is limited to information disclosure that doesn't directly compromise cryptographic operations.
🎯 Exploit Status
Requires high-privilege authenticated access, limiting exploitation to authorized users or compromised admin accounts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to F5 advisory K000148625 for specific patched versions
Vendor Advisory: https://my.f5.com/manage/s/article/K000148625
Restart Required: No
Instructions:
1. Review F5 advisory K000148625 for affected versions.
2. Upgrade to a patched version following F5's upgrade procedures.
3. Verify the fix by checking the version and testing HSM access controls.
🔧 Temporary Workarounds
Restrict administrative access
Limit high-privilege accounts to trusted personnel only and implement strict access controls
Implement monitoring and auditing
Enable detailed logging of HSM access attempts and monitor for unusual administrative activity
🧯 If You Can't Patch
- Implement strict principle of least privilege for administrative accounts
- Enable comprehensive logging and monitoring of all HSM-related access attempts
🔍 How to Verify
Check if Vulnerable:
Check F5OS-A version against affected versions listed in F5 advisory K000148625
Check Version:
show version (F5OS-A CLI command)
Verify Fix Applied:
Verify system is running patched version and test that HSM information access requires appropriate authorization
📡 Detection & Monitoring
Log Indicators:
- Unusual HSM information access by administrative users
- Multiple failed HSM access attempts
- HSM configuration queries from unexpected sources
Network Indicators:
- Administrative access to F5 management interfaces from unexpected locations
SIEM Query:
source="f5os-a" AND (event="HSM_access" OR event="crypto_module_query") AND user_privilege="admin"
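An added example (not from the advisory or from F5) that scores two of the log indicators above, admin-privilege HSM access from an unexpected source and repeated failed HSM access attempts, over constructed syslog-style lines; the line format, field names and trusted network are assumptions to be mapped onto your own F5OS-A log export.

```python
# Added example, not from the advisory or F5: a small detector for the
# log indicators listed above, run over CONSTRUCTED syslog-style lines.
# The line format, field names and the "trusted" network are assumptions;
# map them to your own F5OS-A log export before use.
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed format: "<ts> <host> user=<u> priv=<p> src=<ip> event=<e> result=<r>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) priv=(?P<priv>\S+) "
    r"src=(?P<src>\S+) event=(?P<event>\S+) result=(?P<result>\S+)$"
)
HSM_EVENTS = {"HSM_access", "crypto_module_query"}  # event names from the SIEM query above
TRUSTED_NETS = [ip_network("10.0.0.0/24")]          # assumed admin jump network
FAIL_THRESHOLD = 3                                  # "multiple failed attempts" cut-off

def parse(lines):
    """Yield parsed HSM-related records; lines that do not match are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group("event") in HSM_EVENTS:
            yield m.groupdict()

def detect(lines):
    """Return findings for the two indicators that can be scored offline."""
    findings = []
    failures = Counter()
    for r in parse(lines):
        src_ok = any(ip_address(r["src"]) in n for n in TRUSTED_NETS)
        if r["priv"] == "admin" and not src_ok:
            findings.append({"type": "unexpected_source", "user": r["user"], "src": r["src"]})
        if r["result"] == "fail":
            failures[r["user"]] += 1
    for user, n in failures.items():
        if n >= FAIL_THRESHOLD:
            findings.append({"type": "repeated_failures", "user": user, "count": n})
    return findings

# Constructed sample log: one admin query from outside the trusted network,
# three failed HSM accesses by one user, and one unrelated login event.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z rseries1 user=admin priv=admin src=10.0.0.5 event=HSM_access result=ok
2025-01-01T10:00:07Z rseries1 user=admin priv=admin src=203.0.113.9 event=crypto_module_query result=ok
2025-01-01T10:01:02Z rseries1 user=ops2 priv=admin src=10.0.0.8 event=HSM_access result=fail
2025-01-01T10:01:05Z rseries1 user=ops2 priv=admin src=10.0.0.8 event=HSM_access result=fail
2025-01-01T10:01:09Z rseries1 user=ops2 priv=admin src=10.0.0.8 event=HSM_access result=fail
2025-01-01T10:02:00Z rseries1 user=admin priv=admin src=10.0.0.5 event=login result=ok
""".splitlines()

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```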