Forum Discussion
AltocumulusOpenSSH vulnerability
Qualys tool reported the following vulnerability ,
open ssh expected behaviour violation vulnerability cve-2025-32728
I couldn't find any F5 article for this. How we can mitigate this? Is there a way to find the open SSH version running in F5,? Please help.
Hi
what is your current version of F5 ?
As of now, there is no official F5 security advisory or article specifically addressing CVE-2025-32728 in the support portal or in their Quarterly Security Notification (Feb 2025) Refer:
K000149540: Quarterly Security Notification (February 2025)
Run ssh -V
Check if the vulnerability affects your specific OpenSSH version. If your version is not affected, you may not need to take action.
Meanwhile, restrict SSH access to trusted IPs only via the F5 management interface or firewall rules.
The last option is contact the support.
2 Replies
VGF5Cumulonimbus
Hi
what is your current version of F5 ?
As of now, there is no official F5 security advisory or article specifically addressing CVE-2025-32728 in the support portal or in their Quarterly Security Notification (Feb 2025) Refer:
K000149540: Quarterly Security Notification (February 2025)
Run ssh -V
Check if the vulnerability affects your specific OpenSSH version. If your version is not affected, you may not need to take action.
Meanwhile, restrict SSH access to trusted IPs only via the F5 management interface or firewall rules.
The last option is contact the support.
nurairtt91Thanks for the update. The current version is 16.1.4. The openSSHversion is 7.4
As per the security advisory, we should upgrade to OpenSSH version 10. any F5 releases include version 10?
