F5 Networks Big Ip


Known Exploited F5 Networks Big Ip Vulnerabilities

The following F5 Networks Big Ip vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: F5 BIG-IP Missing Authentication Vulnerability
Description: F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
CVE-2022-1388 (Exploit Probability: 94.5%)
Added: May 10, 2022

Title: F5 BIG-IP Traffic Management User Interface Remote Code Execution Vulnerability
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVE-2020-5902 (Exploit Probability: 94.4%)
Added: November 3, 2021

Title: F5 iControl REST unauthenticated Remote Code Execution Vulnerability
Description: The iControl REST interface has an unauthenticated remote command execution vulnerability.
CVE-2021-22986 (Exploit Probability: 94.5%)
Added: November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2025 there have been 40 vulnerabilities in F5 Networks Big Ip with an average score of 7.0 out of ten. Last year, in 2024, Big Ip had 8 security vulnerabilities published. That is, 32 more vulnerabilities have already been reported in 2025 than in all of last year. Last year's average CVE base score was greater by 0.31.

Year   Vulnerabilities   Average Score
2025   40                7.03
2024   8                 7.34
2023   3                 8.70
2022   1                 9.80

It may take a day or so for new Big Ip vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent F5 Networks Big Ip Security Vulnerabilities

Vulnerability: TMM Crash on Multi-Bladed Platform (CVE-2025-61990)
CVE-2025-61990 7.5 - High - October 15, 2025

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Double-free

XSS in BIG-IP APM permits execution of JS on logged-out user
CVE-2025-61933 6.1 - Medium - October 15, 2025

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

XSS

F5 BIG-IP WAF/ASM BD Process Termination via Undisclosed Requests
CVE-2025-61935 7.5 - High - October 15, 2025

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Unchecked Return Value

BIG-IP IPsec Config Vulnerability Causes TMM Crash
CVE-2025-58071 7.5 - High - October 15, 2025

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Use of Uninitialized Variable

TMUI Directory Traversal Allows Authenticated File Access
CVE-2025-54755 4.9 - Medium - October 15, 2025

A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Improper Neutralization of Expression/Command Delimiters

F5 BIG-IP LTM Client SSL Memory Leak
CVE-2025-61974 7.5 - High - October 15, 2025

When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Memory Leak

Validation Vulnerability in Config Utility URL
CVE-2025-59483 6.5 - Medium - October 15, 2025

A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

External Control of File Name or Path

Authenticated Command Execution in F5 iControl REST/TM Shell
CVE-2025-59481 8.7 - High - October 15, 2025

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Execution with Unnecessary Privileges

F5 BIG-IP APM TMM Crash via Undisclosed Traffic Policy
CVE-2025-61960 7.5 - High - October 15, 2025

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NULL Pointer Dereference

F5 BIG-IP APM OAuth Profile Crash (apmd Termination)
CVE-2025-54854 7.5 - High - October 15, 2025

When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Out-of-bounds Read

BIG-IP iHealth Command Bypass Bash Shell Privilege Escalation
CVE-2025-61958 8.7 - High - October 15, 2025

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Execution with Unnecessary Privileges

BIG-IP APM TMM Crash via Undisclosed Traffic in Virtual Server APM Policy
CVE-2025-53521 7.5 - High - October 15, 2025

When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

F5 BIG-IP ASM Process Crash via Malformed JSON Schema
CVE-2025-54858 7.5 - High - October 15, 2025

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Stack Exhaustion

BIG-IP TMM DoS via non-default tm.tcpudptxchecksum setting
CVE-2025-58096 7.5 - High - October 15, 2025

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Memory Corruption

FortiGate APPL mode bypass via SCP/SFTP
CVE-2025-53868 8.7 - High - October 15, 2025

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Shell injection

HTTP/2 Ingress Crash in F5 BIG-IP TMM (CVE-2025-58120)
CVE-2025-58120 7.5 - High - October 15, 2025

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NULL Pointer Dereference

F5 BIG-IP TMM Crash via Classification Profile on Virtual Server
CVE-2025-54479 7.5 - High - October 15, 2025

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Memory Corruption

BIG-IP ePVA Feature Causes TMM Crash via Undisclosed Traffic
CVE-2025-53856 7.5 - High - October 15, 2025

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Incorrect Control Flow Scoping

F5 BIG-IP TMM Crash via DTLS 1.2 SSL Sign Hash ANY
CVE-2025-61951 7.5 - High - October 15, 2025

Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Out-of-bounds Read

F5 BIG-IP iRule Declarative API Causing TMM Memory Leak
CVE-2025-54805 6.5 - Medium - October 15, 2025

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Memory Leak

F5 BIG-IP Next API Flood Causes TMM Crash via Undisclosed Calls
CVE-2025-55670 6.5 - Medium - October 15, 2025

On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

BIG-IP Advanced WAF URL Length >1024 Causing bd Process Crash
CVE-2025-61938 7.5 - High - October 15, 2025

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Improper Validation of Specified Quantity in Input

BIG-IP SSL Orchestrator TMM Crash via Uninspected Traffic
CVE-2025-41430 7.5 - High - October 15, 2025

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

BIG-IP traffic can corrupt data & authorize illegal modification
CVE-2025-58424 3.7 - Low - October 15, 2025

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Generation of Predictable Numbers or Identifiers

Memory Leak via Undisclosed DNS Queries in F5 BIG-IP & BIG-IP Next CNF
CVE-2025-59781 7.5 - High - October 15, 2025

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Insufficient Cleanup

BIG-IP SSL Orchestrator: memory corruption via explicit proxy connect
CVE-2025-55036 7.5 - High - October 15, 2025

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Memory Corruption

F5 BIG-IP iRule HTTP::respond Causes Memory Leak
CVE-2025-46706 7.5 - High - October 15, 2025

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

HSB Lockup Vulnerability in Hardware Systems
CVE-2025-58153 5.9 - Medium - October 15, 2025

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Improper Check or Handling of Exceptional Conditions

BIG-IP Advanced WAF TMM Crash via Undisclosed HTTP/2 Traffic
CVE-2025-55669 7.5 - High - October 15, 2025

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Operation on a Resource after Expiration or Release

F5 BIG-IP TMM Crash via MPTCP Traffic
CVE-2025-48008 7.5 - High - October 15, 2025

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Dangling pointer

BIG-IP AFM TMM Crash from Undisclosed DoS Requests
CVE-2025-59478 7.5 - High - October 15, 2025

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Access of Uninitialized Pointer

SSL Brainpool ECC Trigger TMM Crash in F5 BIG-IP
CVE-2025-60016 7.5 - High - October 15, 2025

When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Buffer Overflow

BIG-IP Advanced WAF SSRF Protection Disrupts Client Requests
CVE-2025-58474 5.3 - Medium - October 15, 2025

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

Stored XSS in BIG-IP Config Utility (BIG-IP Config UI)
CVE-2025-59269 6.1 - Medium - October 15, 2025

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

XSS

F5 BIG-IP SAML SLO Causes Memory Leak
CVE-2025-47148 6.5 - Medium - October 15, 2025

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Improper Resource Shutdown or Release

Unauthenticated Remote Access via Static Endpoints in F5 BIG-IP Config Utility
CVE-2025-59268 5.3 - Medium - October 15, 2025

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Insertion of Sensitive Information Into Sent Data

F5 BIG-IP iRule ILX::call TMM Crash Vulnerability
CVE-2025-53474 7.5 - High - October 15, 2025

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Classic Buffer Overflow

HTTP/2 Control Frame DoS (MadeYouReset)
CVE-2025-54500 5.3 - Medium - August 13, 2025

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

Resource Exhaustion via SSL Profiles on Virtual Server (CVE-2025-21087)
CVE-2025-21087 - February 05, 2025

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Resource Exhaustion

BIG-IP PEM Virtual Server Memory Bypass via Diameter Endpoint Profile
CVE-2025-22891 - February 05, 2025

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Missing Release of Resource after Effective Lifetime

BIG-IP Monitor Access Control Bypass via Monitor Functionality
CVE-2024-45844 - October 16, 2024

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

BIG-IP iControl REST Unauth Info Leak of User Names
CVE-2024-41723 4.3 - Medium - August 14, 2024

Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

BIG-IP Memory Utilization Spike via Undisclosed Traffic (CVE-2024-41727)
CVE-2024-41727 7.5 - High - August 14, 2024

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

Command Injection in F5 BIG-IP iControl REST (Appliance Mode)
CVE-2024-22093 9.6 - Critical - February 14, 2024

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Command Injection

F5 BIG-IP ASM memory leak via undisclosed requests
CVE-2024-21789 7.5 - High - February 14, 2024

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Missing Release of Resource after Effective Lifetime

HTTP/2 Undisclosed Response Causes TMM Crash in F5 BIG-IP
CVE-2024-23314 7.5 - High - February 14, 2024

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

F5 BIG-IP TMM Crash via Undisclosed VLAN/SNAT Traffic
CVE-2024-24775 7.5 - High - February 14, 2024

When a virtual server is enabled with a VLAN group and a SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NULL Pointer Dereference

F5 BIG-IP AFM IPS Signature Matching DoS TMM Restart
CVE-2024-21771 7.5 - High - February 14, 2024

For unspecified traffic patterns, the BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in the Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Allocation of Resources Without Limits or Throttling

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may
CVE-2023-46748 8.8 - High - October 26, 2023

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

SQL Injection

Undisclosed requests may bypass configuration utility authentication
CVE-2023-46747 9.8 - Critical - October 26, 2023

Undisclosed requests may bypass Configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Authentication Bypass Using an Alternate Path or Channel
