F5 Networks
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any F5 Networks product.
RSS Feeds for F5 Networks security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in F5 Networks products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by F5 Networks Sorted by Most Security Vulnerabilities since 2018
Recent F5 Networks Security Advisories
| Advisory | Title | Published |
|---|---|---|
| K000159586 | K000159586: PowerDNS vulnerability CVE-2025-59023 | January 15, 2026 |
| K000159578 | K000159578: ImageMagick vulnerability CVE-2025-68618 | January 15, 2026 |
| K000159546 | K000159546: Python vulnerability CVE-2024-5642 | January 14, 2026 |
| K000159544 | K000159544: Redis Lua vulnerability CVE-2025-49844 | January 13, 2026 |
| K000159078 | K000159078: Podman vulnerability CVE-2024-3056 | January 13, 2026 |
| K000159062 | K000159062: Linux Kernel vulnerability CVE-2024-56627 | January 12, 2026 |
| K000159061 | K000159061: Linux Kernel vulnerability CVE-2024-56626 | January 12, 2026 |
| K000159060 | K000159060: Linux Kernel vulnerability CVE-2024-56615 | January 12, 2026 |
| K000159059 | K000159059: Linux kernel vulnerability CVE-2024-56614 | January 12, 2026 |
| K000159043 | K000159043: ImageMagick vulnerability CVE-2025-69204 | January 9, 2026 |
Known Exploited F5 Networks Vulnerabilities
The following F5 Networks vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| F5 BIG-IP Configuration Utility SQL Injection Vulnerability |
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747. CVE-2023-46748 Exploit Probability: 4.3% |
October 31, 2023 |
| F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability |
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. CVE-2023-46747 Exploit Probability: 94.4% |
October 31, 2023 |
| F5 BIG-IP Missing Authentication Vulnerability |
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. CVE-2022-1388 Exploit Probability: 94.5% |
May 10, 2022 |
| F5 BIG-IP Traffic Management Microkernel Buffer Overflow |
The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. CVE-2021-22991 Exploit Probability: 66.3% |
January 18, 2022 |
| F5 BIG-IP Traffic Management User Interface Remote Code Execution Vulnerability |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. CVE-2020-5902 Exploit Probability: 94.4% |
November 3, 2021 |
| F5 iControl REST unauthenticated Remote Code Execution Vulnerability |
The iControl REST interface has an unauthenticated remote command execution vulnerability. CVE-2021-22986 Exploit Probability: 94.5% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 4 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2021-22991: F5 BIG-IP Traffic Management Microkernel Buffer Overflow is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in F5 Networks. Last year, in 2025 F5 Networks had 302 security vulnerabilities published. Right now, F5 Networks is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 302 | 6.90 |
| 2024 | 344 | 6.42 |
| 2023 | 175 | 6.99 |
| 2022 | 399 | 7.02 |
| 2021 | 325 | 7.31 |
| 2020 | 259 | 6.59 |
| 2019 | 296 | 6.86 |
| 2018 | 208 | 7.03 |
It may take a day or so for new F5 Networks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-69204 | Dec 30, 2025 |
ImageMagick is free and open-source software used for editing and manipulating digital imagesImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue. |
|
| CVE-2025-68618 | Dec 30, 2025 |
ImageMagick is free and open-source software used for editing and manipulating digital imagesImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. |
|
| CVE-2025-14727 | Dec 17, 2025 |
NGINX Ingress Controller Annotation Validation Flaw in rewrite-target AnnotationA vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Nginx Ingress Controller
|
| CVE-2025-55184 | Dec 11, 2025 |
React Server Components pre-auth DoS <19.3 via insecure payload deserializationA pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served. |
|
| CVE-2025-55183 | Dec 11, 2025 |
Inform. Leak in React Server Components 19.0.019.2.1 via Server FunctionAn information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument. |
|
| CVE-2025-9613 | Dec 09, 2025 |
PCIe IDE Tag Aliasing Enables Cross-Context Completion LeakA vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality. |
|
| CVE-2025-9614 | Dec 09, 2025 |
PCIe IDE Spec: Stale Write Leakage via Re-bindingAn issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity. |
|
| CVE-2025-9612 | Dec 09, 2025 |
PCIe IDE Spec Vulnerable to TLP Replay/ReorderAn issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections. |
|
| CVE-2025-59029 | Dec 09, 2025 |
DNS ANY Query Assertion Failure in Caching DNS ServerAn attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY. |
|
| CVE-2025-66200 | Dec 05, 2025 |
Apache HTTP Server 2.4.765 AllowOverride FileInfo Bypassmod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue. |
Http Server
|
| CVE-2025-55182 | Dec 03, 2025 |
RCFC 19.019.2 Remote Code Exec via Unsafe DeserializationA pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. |
|
| CVE-2025-64775 | Dec 01, 2025 |
Apache Struts DOS via multipart request file leak (6.7.0/7.0.3)Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. |
|
| CVE-2025-35968 | Nov 11, 2025 |
Privilege Escalation via UEFI Slim Bootloader Protection FailureProtection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
|
| CVE-2025-33000 | Nov 11, 2025 |
Intel QAT Privilege Escalation (Vulnerable <2.6.0)Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
|
| CVE-2025-30185 | Nov 11, 2025 |
Intel UEFI Ring 0 Escalation via Active Debug CodeActive debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable data alteration. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts. |
|
| CVE-2025-10230 | Nov 07, 2025 |
Samba WINS Hook RCE via Unvalidated NetBIOS NamesA flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controllers wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process. |
|
| CVE-2025-61795 | Oct 27, 2025 |
Apache Tomcat DoS: Improper Tmp File Cleanup (11.0.11, 10.1.46, 9.0.109)Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue. |
Tomcat
|
| CVE-2025-55752 | Oct 27, 2025 |
Apache Tomcat RNTL in URL Rewrite (11.0.10,10.1.44,9.0.108)Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue. |
Tomcat
|
| CVE-2025-55754 | Oct 27, 2025 |
Apache Tomcat ANSI Escape Injection in Log (up to 11.0.10,10.1.44,9.0.108)Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue. |
Tomcat
|
| CVE-2025-52099 | Oct 24, 2025 |
SQLite3 3.50.0 Integer Overflow DoS via setupLookaside |
|
| CVE-2025-40780 | Oct 22, 2025 |
BIND 9 PRNG flaw predicts source port/query ID (before 9.21.13/S1)In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. |
|
| CVE-2025-40778 | Oct 22, 2025 |
Cache Injection via Lenient Record Acceptance in BIND 9 (up to 9.21.12)Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. |
|
| CVE-2025-8677 | Oct 22, 2025 |
CPU Exhaustion via Malformed DNSKEY in BIND 9 (9.189.21)Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. |
|
| CVE-2025-61748 | Oct 21, 2025 |
Oracle Java SE 21.0.8 / GraalVM 21.0.8 Vulnerable Libraries: Unauth API ExploitVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
|
| CVE-2025-53066 | Oct 21, 2025 |
Oracle JAXP RCE in Java SE and GraalVMVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|
| CVE-2025-53057 | Oct 21, 2025 |
Oracle Java SE & GraalVM Security flaw in 8u461/11.0.28/17.0.16/21.0.8Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). |
|
| CVE-2025-61990 | Oct 15, 2025 |
Vulnerability: TMM Crash on Multi-Bladed Platform CVE202561990When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-57780 | Oct 15, 2025 |
Priv Escalation via Authenticated Local Access in F5OS-A/CA vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
| CVE-2025-61933 | Oct 15, 2025 |
XSS in BIGIP APM permits execution of JS on loggedout userA reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61935 | Oct 15, 2025 |
F5 BIG-IP WAF/ASM BD Process Termination via Undisclosed RequestsWhen a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-58071 | Oct 15, 2025 |
BIG-IP IPsec Config Vulnerability Causes TMM CrashWhen IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-53860 | Oct 15, 2025 |
F5OS-A HSM Info Exposure: Authenticated Privileged AccessA vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
| CVE-2025-54755 | Oct 15, 2025 |
TMUI Directory Traversal Allows Authenticated File AccessA directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-60015 | Oct 15, 2025 |
Out-of-Bounds Write in F5OS-A & F5OS-C Leading to Memory CorruptionAn out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
| CVE-2025-59483 | Oct 15, 2025 |
Validation Vulnerability in Config Utility URLA validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-59481 | Oct 15, 2025 |
Authenticated Command Execution in F5 iControl REST/TM ShellA vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61974 | Oct 15, 2025 |
F5 BIGIP LTM Client SSL Memory LeakWhen a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-54854 | Oct 15, 2025 |
F5 BIGIP APM OAuth Profile Crash (apmd Termination)When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61960 | Oct 15, 2025 |
F5 BIG-IP APM TMM Crash via Undisclosed Traffic PolicyWhen a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61955 | Oct 15, 2025 |
Priv Esc in F5OS-A/C via Local Auth AccessA vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
| CVE-2025-53521 | Oct 15, 2025 |
BIG-IP APM TMM Crash via Undisclosed Traffic in Virtual Server APM PolicyWhen a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61958 | Oct 15, 2025 |
BIGIP iHealth Command Bypass Bash Shell Privilege EscalationA vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-53868 | Oct 15, 2025 |
FortiGate APPL mode bypass via SCP/SFTPWhen running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-58096 | Oct 15, 2025 |
BIGIP TMM DoS via nondefault tcpudptxchecksum settingWhen the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-54858 | Oct 15, 2025 |
F5 BIG-IP ASM Process Crash via Malformed JSON SchemaWhen a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-60013 | Oct 15, 2025 |
rSeries FIPS HSM Init Failure with Password containing Shell MetacharactersWhen a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
| CVE-2025-58120 | Oct 15, 2025 |
HTTP/2 Ingress Crash in F5 BIG-IP TMM (CVE-2025-58120)When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-61951 | Oct 15, 2025 |
F5 BIG-IP TMM Crash via DTLS 1.2 SSL Sign Hash ANYUndisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-54479 | Oct 15, 2025 |
F5 BIG-IP TMM Crash via Classification Profile on Virtual ServerWhen a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|
| CVE-2025-53856 | Oct 15, 2025 |
BIG-IP ePVA Feature Causes TMM Crash via Undisclosed TrafficWhen a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
Big Ip
|