Forum Discussion

Altocumulus

Jul 20, 2025

Solved

OpenSSH vulnerability

Qualys tool reported the following vulnerability , open ssh expected behaviour violation vulnerability cve-2025-32728 I couldn't find any F5 article for this. How we can mitigate this? Is there a w...

security

VGF5
Jul 20, 2025
Hi
what is your current version of F5 ?
As of now, there is no official F5 security advisory or article specifically addressing CVE-2025-32728 in the support portal or in their Quarterly Security Notification (Feb 2025) Refer:
K000149540: Quarterly Security Notification (February 2025)
Run ssh -V
Check if the vulnerability affects your specific OpenSSH version. If your version is not affected, you may not need to take action.
Meanwhile, restrict SSH access to trusted IPs only via the F5 management interface or firewall rules.
The last option is contact the support.

VGF5

Cumulonimbus

Jul 20, 2025

what is your current version of F5 ?

As of now, there is no official F5 security advisory or article specifically addressing CVE-2025-32728 in the support portal or in their Quarterly Security Notification (Feb 2025) Refer:

K000149540: Quarterly Security Notification (February 2025)

Run ssh -V

Check if the vulnerability affects your specific OpenSSH version. If your version is not affected, you may not need to take action.

Meanwhile, restrict SSH access to trusted IPs only via the F5 management interface or firewall rules.

The last option is contact the support.

nurairtt91

Altocumulus

Jul 22, 2025

Thanks for the update. The current version is 16.1.4. The openSSHversion is 7.4

As per the security advisory, we should upgrade to OpenSSH version 10. any F5 releases include version 10?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

OpenSSH vulnerability

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

U.S. Government cuts, Majorana 1 Chip, CVEs for Mongoose and OpenSSH

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS