Last Modified: Dec 12, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.5.4, F5OS-A 1.8.0, F5OS-A 1.8.3, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2, F5OS-C 1.6.4, F5OS-C 1.8.0, F5OS-C 1.8.1, F5OS-C 1.8.2
Opened: Nov 14, 2025 Severity: 3-Major
If the GUI is configured to use a custom key and certificate ("system aaa tls config certificate" and "system aaa tls config key") and use an encrypted key file protected by a passphrase ("system aaa tls config passphrase"), the system fails to perform validation for subsequent changes to the passphrase (and the system is not decrypting and re-encrypting the key file).
-- Key migration fails -- HTTP GUI and API are rendered unusable
-- System is configured to use a custom key and certificate for GUI access. -- They key is encrypted with a passphrase, and "system aaa tls config passphrase" is used to set this passphrase in F5OS. -- "system aaa tls config passphrase" is later used to change the passphrase, but the underlying key is not changed.
Using the CLI: -- Manually re-encrypt the key to use the new passphrase. OR -- Change the passphrase ("system aaa tls config passphrase") back to the one that matches they key.
None