F5 Networks Big Ip
Known Exploited F5 Networks Big Ip Vulnerabilities
The following F5 Networks Big Ip vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| F5 BIG-IP Missing Authentication Vulnerability | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. CVE-2022-1388. Exploit Probability: 94.5% | May 10, 2022 |
| F5 BIG-IP Traffic Management User Interface Remote Code Execution Vulnerability | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. CVE-2020-5902. Exploit Probability: 94.4% | November 3, 2021 |
| F5 iControl REST unauthenticated Remote Code Execution Vulnerability | The iControl REST interface has an unauthenticated remote command execution vulnerability. CVE-2021-22986. Exploit Probability: 94.5% | November 3, 2021 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 4 vulnerabilities in F5 Networks Big Ip with an average score of 5.0 out of ten. Last year, in 2025, Big Ip had 41 security vulnerabilities published. Right now, Big Ip is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 2.17.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 4.95 |
| 2025 | 41 | 7.12 |
| 2024 | 10 | 7.32 |
| 2023 | 20 | 7.25 |
| 2022 | 17 | 7.71 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Big Ip vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Big Ip Security Vulnerabilities
BIG-IP AFM/DDoS Undisclosed Traffic Causing TMM Crash
CVE-2026-2507
7.5 - High
- February 18, 2026
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NULL Pointer Dereference
BIG-IP Advanced WAF/ASM Crash via Undisclosed Requests (CVE-2026-22548)
CVE-2026-22548
5.9 - Medium
- February 04, 2026
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Race Condition
BIG-IP Edge Client Info Disclosure via Windows VPN Client
CVE-2026-20730
3.3 - Low
- February 04, 2026
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Information Disclosure
F5 BIG-IP Config Page Spoof Error Vulnerability
CVE-2026-20732
3.1 - Low
- February 04, 2026
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
User Interface (UI) Misrepresentation of Critical Information
Vulnerability: TMM Crash on Multi-Bladed Platform (CVE-2025-61990)
CVE-2025-61990
7.5 - High
- October 15, 2025
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Double-free
XSS in BIGIP APM permits execution of JS on logged-out user
CVE-2025-61933
6.1 - Medium
- October 15, 2025
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
XSS
BIG-IP IPsec Config Vulnerability Causes TMM Crash
CVE-2025-58071
7.5 - High
- October 15, 2025
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Use of Uninitialized Variable
F5 BIG-IP WAF/ASM BD Process Termination via Undisclosed Requests
CVE-2025-61935
7.5 - High
- October 15, 2025
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Unchecked Return Value
TMUI Directory Traversal Allows Authenticated File Access
CVE-2025-54755
4.9 - Medium
- October 15, 2025
A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Directory traversal
Authenticated Command Execution in F5 iControl REST/TM Shell
CVE-2025-59481
8.7 - High
- October 15, 2025
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Execution with Unnecessary Privileges
Validation Vulnerability in Config Utility URL
CVE-2025-59483
6.5 - Medium
- October 15, 2025
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
External Control of File Name or Path
F5 BIGIP LTM Client SSL Memory Leak
CVE-2025-61974
7.5 - High
- October 15, 2025
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Memory Leak
F5 BIGIP APM OAuth Profile Crash (apmd Termination)
CVE-2025-54854
7.5 - High
- October 15, 2025
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Out-of-bounds Read
F5 BIG-IP APM TMM Crash via Undisclosed Traffic Policy
CVE-2025-61960
7.5 - High
- October 15, 2025
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NULL Pointer Dereference
BIG-IP APM TMM Crash via Undisclosed Traffic in Virtual Server APM Policy
CVE-2025-53521
7.5 - High
- October 15, 2025
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
BIGIP iHealth Command Bypass Bash Shell Privilege Escalation
CVE-2025-61958
8.7 - High
- October 15, 2025
A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Execution with Unnecessary Privileges
FortiGate APPL mode bypass via SCP/SFTP
CVE-2025-53868
8.7 - High
- October 15, 2025
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Shell injection
F5 BIG-IP ASM Process Crash via Malformed JSON Schema
CVE-2025-54858
7.5 - High
- October 15, 2025
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Stack Exhaustion
BIGIP TMM DoS via nondefault tcpudptxchecksum setting
CVE-2025-58096
7.5 - High
- October 15, 2025
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Memory Corruption
HTTP/2 Ingress Crash in F5 BIG-IP TMM (CVE-2025-58120)
CVE-2025-58120
7.5 - High
- October 15, 2025
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NULL Pointer Dereference
BIG-IP ePVA Feature Causes TMM Crash via Undisclosed Traffic
CVE-2025-53856
7.5 - High
- October 15, 2025
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip, refer to K12837: Overview of the ePVA feature (https://my.f5.com/manage/s/article/K12837). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Incorrect Control Flow Scoping
F5 BIG-IP TMM Crash via Classification Profile on Virtual Server
CVE-2025-54479
7.5 - High
- October 15, 2025
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Memory Corruption
F5 BIG-IP TMM Crash via DTLS 1.2 SSL Sign Hash ANY
CVE-2025-61951
7.5 - High
- October 15, 2025
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Out-of-bounds Read
F5 BIG-IP iRule Declarative API Causing TMM Memory Leak
CVE-2025-54805
6.5 - Medium
- October 15, 2025
When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Memory Leak
F5 BIG-IP Next API Flood Causes TMM Crash via Undisclosed Calls
CVE-2025-55670
6.5 - Medium
- October 15, 2025
On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
BIGIP SSL Orchestrator TMM Crash via Uninspected Traffic
CVE-2025-41430
7.5 - High
- October 15, 2025
When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
BIG-IP Advanced WAF URL Length >1024 Causing bd Process Crash
CVE-2025-61938
7.5 - High
- October 15, 2025
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Improper Validation of Specified Quantity in Input
BIG-IP SSL Orchestrator: memory corruption via explicit proxy connect
CVE-2025-55036
7.5 - High
- October 15, 2025
When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Memory Corruption
BIG-IP traffic can corrupt data & authorize illegal modification
CVE-2025-58424
5.3 - Medium
- October 15, 2025
On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Generation of Predictable Numbers or Identifiers
Memory Leak via Undisclosed DNS Queries in F5 BIG-IP & BIG-IP Next CNF
CVE-2025-59781
7.5 - High
- October 15, 2025
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Insufficient Cleanup
F5 BIG-IP iRule HTTP::respond Causes Memory Leak
CVE-2025-46706
7.5 - High
- October 15, 2025
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
F5 BIG-IP TMM Crash via MPTCP Traffic
CVE-2025-48008
7.5 - High
- October 15, 2025
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Dangling pointer
BIG-IP Advanced WAF TMM Crash via Undisclosed HTTP/2 Traffic
CVE-2025-55669
7.5 - High
- October 15, 2025
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Operation on a Resource after Expiration or Release
HSB Lockup Vulnerability in Hardware Systems
CVE-2025-58153
5.9 - Medium
- October 15, 2025
Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Improper Locking
BIGIP AFM TMM Crash from Undisclosed DoS Requests
CVE-2025-59478
7.5 - High
- October 15, 2025
When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Access of Uninitialized Pointer
SSL Brainpool ECC Trigger TMM Crash in F5 BIG-IP
CVE-2025-60016
7.5 - High
- October 15, 2025
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Buffer Overflow
F5 BIG-IP SAML SLO Causes Memory Leak
CVE-2025-47148
6.5 - Medium
- October 15, 2025
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Improper Resource Shutdown or Release
BIG-IP Advanced WAF SSRF Protection Disrupts Client Requests
CVE-2025-58474
5.3 - Medium
- October 15, 2025
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
Stored XSS in BIGIP Config Utility (BIGIP Config UI)
CVE-2025-59269
6.1 - Medium
- October 15, 2025
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
XSS
F5 BIG-IP iRule ILX::call TMM Crash Vulnerability
CVE-2025-53474
7.5 - High
- October 15, 2025
When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Classic Buffer Overflow
Unauthenticated Remote Access via Static Endpoints in F5 BIGIP Config Utility
CVE-2025-59268
5.3 - Medium
- October 15, 2025
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Insertion of Sensitive Information Into Sent Data
HTTP/2 Control Frame DoS (MadeYouReset)
CVE-2025-54500
5.3 - Medium
- August 13, 2025
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
BIG-IP PEM Virtual Server Memory Bypass via Diameter Endpoint Profile
CVE-2025-22891
- February 05, 2025
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Missing Release of Resource after Effective Lifetime
Authenticated RCE in iControl REST of F5 BIG-IP (Appliance Mode)
CVE-2025-23239
8.7 - High
- February 05, 2025
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Command Injection
Resource Exhaustion via SSL Profiles on Virtual Server (CVE-2025-21087)
CVE-2025-21087
- February 05, 2025
When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Resource Exhaustion
BIG-IP Monitor Access Control Bypass via Monitor Functionality
CVE-2024-45844
- October 16, 2024
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
BIG-IP Memory Utilization Spike via Undisclosed Traffic (CVE-2024-41727)
CVE-2024-41727
7.5 - High
- August 14, 2024
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Allocation of Resources Without Limits or Throttling
BIG-IP iControl REST Unauth Info Leak of User Names
CVE-2024-41723
4.3 - Medium
- August 14, 2024
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
BIG-IP Config Utility XSS: Stored XSS in unknown page
CVE-2024-31156
8 - High
- May 08, 2024
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
XSS
Potential data leak in F5 BIGIP TMMs (TMM microkernels)
CVE-2024-32761
6.5 - Medium
- May 08, 2024
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Buffer Overflow