Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-20029 (GCVE-0-2025-20029)
Vulnerability from cvelistv5 – Published: 2025-02-05 17:31 – Updated: 2026-02-26 19:09
VLAI?
EPSS
Title
BIG-IP iControl REST and tmsh vulnerability
Summary
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000148587 | vendor-advisory |
Impacted products
Date Public ?
2025-02-05 15:00
Credits
F5 acknowledges Matei "Mal" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20029",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T04:55:27.931242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:22.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"iControl REST and tmsh"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.2.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.5.2",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10.6",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5 acknowledges Matei \"Mal\" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2025-02-05T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCommand injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T17:31:06.455Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000148587"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BIG-IP iControl REST and tmsh vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-20029",
"datePublished": "2025-02-05T17:31:06.455Z",
"dateReserved": "2025-01-22T00:17:16.412Z",
"dateUpdated": "2026-02-26T19:09:22.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-20029",
"date": "2026-05-18",
"epss": "0.66177",
"percentile": "0.98539"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-20029\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2025-02-05T18:15:29.573\",\"lastModified\":\"2025-10-21T11:41:21.793\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\\n\\n \\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inyecci\u00f3n de comandos en el comando de guardado de iControl REST y BIG-IP TMOS Shell (tmsh), que puede permitir que un atacante autenticado ejecute comandos arbitrarios del sistema. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"ACFA21BC-F3DF-4B8A-995C-9BA6273BA9D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"901E1F05-2F2A-44DB-BE01-D0A5A7C05C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"A912353F-5F09-4DDC-8012-9EB4499B681C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"2645FC28-A376-464F-9F42-8CCAE0C25E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"3A5D99D9-8C1B-45A7-9396-00B7F6A857D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"69B6700C-1185-47C0-B670-7CF18A1C252B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"5685C1A6-C0A6-4FDF-921C-45DD543A44B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"4D360E5C-3B0E-4689-A201-64D973CA4F84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"CB139E6B-5F2D-4A28-A6E8-16BAF6B5106A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"10AC4FF5-30C6-4145-B55E-2673FB876432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"173DBEB0-BE14-49B5-83D2-B314DF0FF27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"4F8F56B8-699F-4291-AC52-CC1B6282FE92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"B4B04ED6-515F-4A3E-A8D6-A57D2B119694\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"F2B2B183-7FE2-4CF2-9B7D-B5DDDE451B5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"C687A8F0-CE1D-42D9-BAB9-6140450802CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"473AEA76-D55E-4C89-BD18-84C56C281E6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"04BCF23C-18DA-4B3B-B88F-07EC8251D2FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"1F8822A3-EE6D-4D22-8BAE-845F17CCA039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"2A8991DF-96BD-4F1E-9820-C7E8DFE33FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"36F8E1BD-67A6-4E9D-BDC7-6993FA83687B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.6\",\"matchCriteriaId\":\"267C9729-5DC9-42B6-A860-1C42B97C4C1D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"42C5261E-CC76-48D7-A5B3-82E01BE49575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"5E8F57B7-49CE-4966-B5FD-9BFF59CA754E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"D3E754CA-395B-45F7-BFC1-2AA92AD02BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"169502B9-8E6A-4981-AA07-B51331119908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"C7A37F8C-E0B4-42B2-A30E-870C31BFB98D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"45379A02-10A9-4198-A9D5-6E8C4E01AF3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"B99204C1-A38F-46CD-A104-E22D9F47FA81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"DB9B1EB5-9BBD-45C4-B13A-DC03F9B3E585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"D0A7A2AE-272A-4EBD-8AB4-493031710455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"DFBFE962-2924-4E21-8E66-4E6C8A2A7CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"083B09EA-C864-4784-9B63-2FAF3F4FBCED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"AC440F57-771F-4A96-9792-873DBBF6B71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"70014BBC-95C8-4873-A5AD-13C0CEB084AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"FB30B472-660B-456D-AA9D-6FE0A7004DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"498EC9EE-189C-4A89-AA67-5709F9FA47C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"34211472-272D-4D17-A8D7-E3C89EA3A042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"5B4E30D9-6076-4560-8B29-1B4ED07D72B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"19ED7787-AEC0-45A2-A187-2BC164D9B046\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"86330C47-96F4-4732-8179-F5275D8A4105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"44AC4540-A25B-47E5-8501-CA2B992BDED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.5.2\",\"matchCriteriaId\":\"28A713E8-597F-41D1-8F72-86729DDF4D56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"D0CA138F-8EE1-40ED-98BD-509C687E8F8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"F8076A80-5BFB-478A-84D9-BD7CD84AE2FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"6F1543EE-6B7F-469E-A378-D2434AE86406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"BC9EFBCC-3996-4BCA-9C2A-E37084FE12E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"8BADF783-875B-4685-96C5-DD280A661157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"651C7CEE-A962-4771-920E-E6FA13E6817A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"8B102BA6-EB21-40DE-8939-BA4B2D5A3B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"DA7DFCC2-9953-48FC-9BDB-13A8EC34228A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"CBE8218F-C290-43A2-AC0B-3416A1850088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"C92188C5-1230-4030-B384-F28E222CD7AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"7A2D4DBD-A2FE-4F17-B64A-A66BC98801BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"794082F4-A86E-49EF-9B8D-684E568F0527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"7E0A2560-601C-4A90-93AE-CB99F4CC38B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"9EBCA2AF-BF51-46CB-B2A1-E539C8938237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"002D9868-FEA3-424B-BEB6-41510F4B46C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"5BDEBA67-6390-4A05-96F7-134B0FB5A089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"7FC1A913-2B13-4C38-806F-96DFB6231C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"B786F7D8-AF15-4CD2-9ED3-3C0510585D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"49B8B566-B34A-45C3-A188-7F7DF8D1F898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"FE937E15-FC55-4369-9C88-AA847F18EFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.2.1\",\"matchCriteriaId\":\"ABED562C-83CB-4A34-B2F9-706E7CB9E923\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000148587\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20029\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T04:55:27.931242Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T14:04:54.047Z\"}}], \"cna\": {\"title\": \"BIG-IP iControl REST and tmsh vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5 acknowledges Matei \\\"Mal\\\" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"iControl REST and tmsh\"], \"product\": \"BIG-IP\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.1.0\", \"lessThan\": \"17.1.2.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16.1.0\", \"lessThan\": \"16.1.5.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"15.1.0\", \"lessThan\": \"15.1.10.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-02-05T15:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000148587\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\\n\\n \\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCommand injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\u003c/span\u003e\\n\\n \\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2025-02-05T17:31:06.455Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-20029\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T19:09:22.320Z\", \"dateReserved\": \"2025-01-22T00:17:16.412Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2025-02-05T17:31:06.455Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0099
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX Plus | NGINX Plus versions R28 à R33 antérieures à R32 P2 ou R33 P2 | ||
| F5 | BIG-IP | BIG-IP versions 16.1.x antérieures à 16.1.5.2 sans les derniers correctifs de sécurité | ||
| F5 | BIG-IP Next | BIG-IP Next Central Manager versions 20.x antérieures à 20.3.0 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.8.x à 1.9.x antérieures à 1.9.1 | ||
| F5 | BIG-IP | BIG-IP versions 15.1.x antérieures à 15.1.10.6 sans les derniers correctifs de sécurité | ||
| F5 | BIG-IP | BIG-IP versions 17.1.x antérieures à 17.1.2.1 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.x antérieures à 1.7.7 | ||
| F5 | NGINX | NGINX Open Source versions 1.x antérieures à 1.26.3 ou 1.27.4 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions antérieures à 1.4.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Plus versions R28 \u00e0 R33 ant\u00e9rieures \u00e0 R32 P2 ou R33 P2",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.5.2 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next Central Manager versions 20.x ant\u00e9rieures \u00e0 20.3.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.8.x \u00e0 1.9.x ant\u00e9rieures \u00e0 1.9.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.6 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.2.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.7",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.x ant\u00e9rieures \u00e0 1.26.3 ou 1.27.4",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23413"
},
{
"name": "CVE-2025-22891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22891"
},
{
"name": "CVE-2025-24326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24326"
},
{
"name": "CVE-2025-24320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24320"
},
{
"name": "CVE-2025-20045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20045"
},
{
"name": "CVE-2025-24497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24497"
},
{
"name": "CVE-2025-20058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20058"
},
{
"name": "CVE-2025-23239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23239"
},
{
"name": "CVE-2025-23415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23415"
},
{
"name": "CVE-2025-21087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21087"
},
{
"name": "CVE-2025-24319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24319"
},
{
"name": "CVE-2025-20029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20029"
},
{
"name": "CVE-2025-21091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21091"
},
{
"name": "CVE-2025-22846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22846"
},
{
"name": "CVE-2025-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
},
{
"name": "CVE-2025-24312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24312"
},
{
"name": "CVE-2025-23412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23412"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0099",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000149540",
"url": "https://my.f5.com/manage/s/article/K000149540"
}
]
}
CERTFR-2025-AVI-0099
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX Plus | NGINX Plus versions R28 à R33 antérieures à R32 P2 ou R33 P2 | ||
| F5 | BIG-IP | BIG-IP versions 16.1.x antérieures à 16.1.5.2 sans les derniers correctifs de sécurité | ||
| F5 | BIG-IP Next | BIG-IP Next Central Manager versions 20.x antérieures à 20.3.0 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.8.x à 1.9.x antérieures à 1.9.1 | ||
| F5 | BIG-IP | BIG-IP versions 15.1.x antérieures à 15.1.10.6 sans les derniers correctifs de sécurité | ||
| F5 | BIG-IP | BIG-IP versions 17.1.x antérieures à 17.1.2.1 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.x antérieures à 1.7.7 | ||
| F5 | NGINX | NGINX Open Source versions 1.x antérieures à 1.26.3 ou 1.27.4 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions antérieures à 1.4.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Plus versions R28 \u00e0 R33 ant\u00e9rieures \u00e0 R32 P2 ou R33 P2",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.5.2 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next Central Manager versions 20.x ant\u00e9rieures \u00e0 20.3.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.8.x \u00e0 1.9.x ant\u00e9rieures \u00e0 1.9.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.6 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.2.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.7",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.x ant\u00e9rieures \u00e0 1.26.3 ou 1.27.4",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23413"
},
{
"name": "CVE-2025-22891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22891"
},
{
"name": "CVE-2025-24326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24326"
},
{
"name": "CVE-2025-24320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24320"
},
{
"name": "CVE-2025-20045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20045"
},
{
"name": "CVE-2025-24497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24497"
},
{
"name": "CVE-2025-20058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20058"
},
{
"name": "CVE-2025-23239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23239"
},
{
"name": "CVE-2025-23415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23415"
},
{
"name": "CVE-2025-21087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21087"
},
{
"name": "CVE-2025-24319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24319"
},
{
"name": "CVE-2025-20029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20029"
},
{
"name": "CVE-2025-21091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21091"
},
{
"name": "CVE-2025-22846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22846"
},
{
"name": "CVE-2025-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
},
{
"name": "CVE-2025-24312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24312"
},
{
"name": "CVE-2025-23412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23412"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0099",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000149540",
"url": "https://my.f5.com/manage/s/article/K000149540"
}
]
}
FKIE_CVE-2025-20029
Vulnerability from fkie_nvd - Published: 2025-02-05 18:15 - Updated: 2025-10-21 11:41
Severity ?
Summary
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K000148587 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFA21BC-F3DF-4B8A-995C-9BA6273BA9D9",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "901E1F05-2F2A-44DB-BE01-D0A5A7C05C88",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A912353F-5F09-4DDC-8012-9EB4499B681C",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2645FC28-A376-464F-9F42-8CCAE0C25E2F",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5D99D9-8C1B-45A7-9396-00B7F6A857D6",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B6700C-1185-47C0-B670-7CF18A1C252B",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5685C1A6-C0A6-4FDF-921C-45DD543A44B4",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D360E5C-3B0E-4689-A201-64D973CA4F84",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB139E6B-5F2D-4A28-A6E8-16BAF6B5106A",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10AC4FF5-30C6-4145-B55E-2673FB876432",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "173DBEB0-BE14-49B5-83D2-B314DF0FF27E",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8F56B8-699F-4291-AC52-CC1B6282FE92",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B04ED6-515F-4A3E-A8D6-A57D2B119694",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B2B183-7FE2-4CF2-9B7D-B5DDDE451B5F",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C687A8F0-CE1D-42D9-BAB9-6140450802CE",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "473AEA76-D55E-4C89-BD18-84C56C281E6C",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCF23C-18DA-4B3B-B88F-07EC8251D2FF",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8822A3-EE6D-4D22-8BAE-845F17CCA039",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8991DF-96BD-4F1E-9820-C7E8DFE33FE2",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36F8E1BD-67A6-4E9D-BDC7-6993FA83687B",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "267C9729-5DC9-42B6-A860-1C42B97C4C1D",
"versionEndExcluding": "15.1.10.6",
"versionStartIncluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5261E-CC76-48D7-A5B3-82E01BE49575",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8F57B7-49CE-4966-B5FD-9BFF59CA754E",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E754CA-395B-45F7-BFC1-2AA92AD02BE5",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169502B9-8E6A-4981-AA07-B51331119908",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A37F8C-E0B4-42B2-A30E-870C31BFB98D",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45379A02-10A9-4198-A9D5-6E8C4E01AF3E",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99204C1-A38F-46CD-A104-E22D9F47FA81",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9B1EB5-9BBD-45C4-B13A-DC03F9B3E585",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A7A2AE-272A-4EBD-8AB4-493031710455",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBFE962-2924-4E21-8E66-4E6C8A2A7CE5",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "083B09EA-C864-4784-9B63-2FAF3F4FBCED",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC440F57-771F-4A96-9792-873DBBF6B71D",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70014BBC-95C8-4873-A5AD-13C0CEB084AF",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB30B472-660B-456D-AA9D-6FE0A7004DB2",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498EC9EE-189C-4A89-AA67-5709F9FA47C3",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34211472-272D-4D17-A8D7-E3C89EA3A042",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4E30D9-6076-4560-8B29-1B4ED07D72B5",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19ED7787-AEC0-45A2-A187-2BC164D9B046",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86330C47-96F4-4732-8179-F5275D8A4105",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44AC4540-A25B-47E5-8501-CA2B992BDED0",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A713E8-597F-41D1-8F72-86729DDF4D56",
"versionEndExcluding": "16.1.5.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CA138F-8EE1-40ED-98BD-509C687E8F8F",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8076A80-5BFB-478A-84D9-BD7CD84AE2FE",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1543EE-6B7F-469E-A378-D2434AE86406",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9EFBCC-3996-4BCA-9C2A-E37084FE12E8",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BADF783-875B-4685-96C5-DD280A661157",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651C7CEE-A962-4771-920E-E6FA13E6817A",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B102BA6-EB21-40DE-8939-BA4B2D5A3B9F",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7DFCC2-9953-48FC-9BDB-13A8EC34228A",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE8218F-C290-43A2-AC0B-3416A1850088",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C92188C5-1230-4030-B384-F28E222CD7AE",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A2D4DBD-A2FE-4F17-B64A-A66BC98801BB",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "794082F4-A86E-49EF-9B8D-684E568F0527",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0A2560-601C-4A90-93AE-CB99F4CC38B7",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCA2AF-BF51-46CB-B2A1-E539C8938237",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002D9868-FEA3-424B-BEB6-41510F4B46C8",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDEBA67-6390-4A05-96F7-134B0FB5A089",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC1A913-2B13-4C38-806F-96DFB6231C32",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B786F7D8-AF15-4CD2-9ED3-3C0510585D1B",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49B8B566-B34A-45C3-A188-7F7DF8D1F898",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE937E15-FC55-4369-9C88-AA847F18EFB0",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABED562C-83CB-4A34-B2F9-706E7CB9E923",
"versionEndExcluding": "17.1.2.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el comando de guardado de iControl REST y BIG-IP TMOS Shell (tmsh), que puede permitir que un atacante autenticado ejecute comandos arbitrarios del sistema. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
}
],
"id": "CVE-2025-20029",
"lastModified": "2025-10-21T11:41:21.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2025-02-05T18:15:29.573",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000148587"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
}
GHSA-MHCP-FQHX-3JMP
Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI?
Details
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-20029"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T18:15:29Z",
"severity": "HIGH"
},
"details": "Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-mhcp-fqhx-3jmp",
"modified": "2025-02-05T18:34:46Z",
"published": "2025-02-05T18:34:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20029"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000148587"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
BDU:2025-02003
Vulnerability from fstec - Published: 05.02.2025
VLAI Severity ?
Title
Уязвимость утилиты конфигурации TMOS Shell (tmsh) интерфейса IControl REST редства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, позволяющая нарушителю выполнять произвольные команды
Description
Уязвимость утилиты конфигурации TMOS Shell (tmsh) интерфейса IControl REST редства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe существует из-за непринятия мер по нейтрализации специальных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять произвольные команды
Severity ?
Vendor
F5 Networks, Inc.
Software Name
BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe
Software Version
до 17.2.1 (BIG-IP Access Policy Manager), до 16.1.5.2 (BIG-IP Access Policy Manager), до 15.1.10.6 (BIG-IP Access Policy Manager), до 17.1.2.1 (BIG-IP Advanced Firewall Manager), до 16.1.5.2 (BIG-IP Advanced Firewall Manager), до 15.1.10.6 (BIG-IP Advanced Firewall Manager), до 17.1.2.1 (BIG-IP Advanced Web Application Firewall), до 16.1.5.2 (BIG-IP Advanced Web Application Firewall), до 15.1.10.6 (BIG-IP Advanced Web Application Firewall), до 17.1.2.1 (BIG-IP Analytics), до 16.1.5.2 (BIG-IP Analytics), до 15.1.10.6 (BIG-IP Analytics), до 17.1.2.1 (BIG-IP Application Acceleration Manager), до 16.1.5.2 (BIG-IP Application Acceleration Manager), до 15.1.10.6 (BIG-IP Application Acceleration Manager), до 17.1.2.1 (BIG-IP Application Security Manager), до 16.1.5.2 (BIG-IP Application Security Manager), до 15.1.10.6 (BIG-IP Application Security Manager), до 17.1.2.1 (BIG-IP Application Visibility and Reporting (AVR)), до 16.1.5.2 (BIG-IP Application Visibility and Reporting (AVR)), до 15.1.10.6 (BIG-IP Application Visibility and Reporting (AVR)), до 17.1.2.1 (BIG-IP Carrier-Grade NAT (CGNAT)), до 16.1.5.2 (BIG-IP Carrier-Grade NAT (CGNAT)), до 15.1.10.6 (BIG-IP Carrier-Grade NAT (CGNAT)), до 17.1.2.1 (BIG-IP DDos Hybrid Defender), до 16.1.5.2 (BIG-IP DDos Hybrid Defender), до 15.1.10.6 (BIG-IP DDos Hybrid Defender), до 17.1.2.1 (BIG-IP Domain Name System), до 16.1.5.2 (BIG-IP Domain Name System), до 15.1.10.6 (BIG-IP Domain Name System), до 17.1.2.1 (BIG-IP Edge Gateway), до 16.1.5.2 (BIG-IP Edge Gateway), до 15.1.10.6 (BIG-IP Edge Gateway), до 17.1.2.1 (BIG-IP Fraud Protection Service), до 16.1.5.2 (BIG-IP Fraud Protection Service), до 15.1.10.6 (BIG-IP Fraud Protection Service), до 17.1.2.1 (BIG-IP Global Traffic Manager), до 16.1.5.2 (BIG-IP Global Traffic Manager), до 15.1.10.6 (BIG-IP Global Traffic Manager), до 17.1.2.1 (BIG-IP Link Controller), до 16.1.5.2 (BIG-IP Link Controller), до 15.1.10.6 (BIG-IP Link Controller), до 17.1.2.1 (BIG-IP Local Traffic Manager), до 16.1.5.2 (BIG-IP Local Traffic Manager), до 15.1.10.6 (BIG-IP Local Traffic Manager), до 17.1.2.1 (BIG-IP Policy Enforcement Manager), до 16.1.5.2 (BIG-IP Policy Enforcement Manager), до 15.1.10.6 (BIG-IP Policy Enforcement Manager), до 17.1.2.1 (BIG-IP SSL Orchestrator), до 16.1.5.2 (BIG-IP SSL Orchestrator), до 15.1.10.6 (BIG-IP SSL Orchestrator), до 17.1.2.1 (BIG-IP Webaccelerator), до 16.1.5.2 (BIG-IP Webaccelerator), до 15.1.10.6 (BIG-IP Webaccelerator), до 17.1.2.1 (BIG-IP WebSafe), до 16.1.5.2 (BIG-IP WebSafe), до 15.1.10.6 (BIG-IP WebSafe)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование «белого» списка IP-адресов для организации доступа к уязвимому программному обеспечению;
- блокирование доступа к утилите tmsh;
- ограничение доступа к интерфейсу IControl REST;
- использование средств обнаружения и предотвращения вторжений для контроля сетевого трафика по 22 , 443 и 8443 TCP-портам;
- отключение/удаление неиспользуемых учётных записей пользователей;
- минимизация пользовательских привилегий.
Использование рекомендаций производителя:
https://my.f5.com/manage/s/article/K000148587
Reference
https://my.f5.com/manage/s/article/K000148587
https://github.com/mbadanoiu/CVE-2025-20029?tab=readme-ov-file
https://github.com/mbadanoiu/CVE-2025-20029/blob/main/F5%20-%20CVE-2025-20029.pdf
CWE
CWE-78
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "F5 Networks, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 17.2.1 (BIG-IP Access Policy Manager), \u0434\u043e 16.1.5.2 (BIG-IP Access Policy Manager), \u0434\u043e 15.1.10.6 (BIG-IP Access Policy Manager), \u0434\u043e 17.1.2.1 (BIG-IP Advanced Firewall Manager), \u0434\u043e 16.1.5.2 (BIG-IP Advanced Firewall Manager), \u0434\u043e 15.1.10.6 (BIG-IP Advanced Firewall Manager), \u0434\u043e 17.1.2.1 (BIG-IP Advanced Web Application Firewall), \u0434\u043e 16.1.5.2 (BIG-IP Advanced Web Application Firewall), \u0434\u043e 15.1.10.6 (BIG-IP Advanced Web Application Firewall), \u0434\u043e 17.1.2.1 (BIG-IP Analytics), \u0434\u043e 16.1.5.2 (BIG-IP Analytics), \u0434\u043e 15.1.10.6 (BIG-IP Analytics), \u0434\u043e 17.1.2.1 (BIG-IP Application Acceleration Manager), \u0434\u043e 16.1.5.2 (BIG-IP Application Acceleration Manager), \u0434\u043e 15.1.10.6 (BIG-IP Application Acceleration Manager), \u0434\u043e 17.1.2.1 (BIG-IP Application Security Manager), \u0434\u043e 16.1.5.2 (BIG-IP Application Security Manager), \u0434\u043e 15.1.10.6 (BIG-IP Application Security Manager), \u0434\u043e 17.1.2.1 (BIG-IP Application Visibility and Reporting (AVR)), \u0434\u043e 16.1.5.2 (BIG-IP Application Visibility and Reporting (AVR)), \u0434\u043e 15.1.10.6 (BIG-IP Application Visibility and Reporting (AVR)), \u0434\u043e 17.1.2.1 (BIG-IP Carrier-Grade NAT (CGNAT)), \u0434\u043e 16.1.5.2 (BIG-IP Carrier-Grade NAT (CGNAT)), \u0434\u043e 15.1.10.6 (BIG-IP Carrier-Grade NAT (CGNAT)), \u0434\u043e 17.1.2.1 (BIG-IP DDos Hybrid Defender), \u0434\u043e 16.1.5.2 (BIG-IP DDos Hybrid Defender), \u0434\u043e 15.1.10.6 (BIG-IP DDos Hybrid Defender), \u0434\u043e 17.1.2.1 (BIG-IP Domain Name System), \u0434\u043e 16.1.5.2 (BIG-IP Domain Name System), \u0434\u043e 15.1.10.6 (BIG-IP Domain Name System), \u0434\u043e 17.1.2.1 (BIG-IP Edge Gateway), \u0434\u043e 16.1.5.2 (BIG-IP Edge Gateway), \u0434\u043e 15.1.10.6 (BIG-IP Edge Gateway), \u0434\u043e 17.1.2.1 (BIG-IP Fraud Protection Service), \u0434\u043e 16.1.5.2 (BIG-IP Fraud Protection Service), \u0434\u043e 15.1.10.6 (BIG-IP Fraud Protection Service), \u0434\u043e 17.1.2.1 (BIG-IP Global Traffic Manager), \u0434\u043e 16.1.5.2 (BIG-IP Global Traffic Manager), \u0434\u043e 15.1.10.6 (BIG-IP Global Traffic Manager), \u0434\u043e 17.1.2.1 (BIG-IP Link Controller), \u0434\u043e 16.1.5.2 (BIG-IP Link Controller), \u0434\u043e 15.1.10.6 (BIG-IP Link Controller), \u0434\u043e 17.1.2.1 (BIG-IP Local Traffic Manager), \u0434\u043e 16.1.5.2 (BIG-IP Local Traffic Manager), \u0434\u043e 15.1.10.6 (BIG-IP Local Traffic Manager), \u0434\u043e 17.1.2.1 (BIG-IP Policy Enforcement Manager), \u0434\u043e 16.1.5.2 (BIG-IP Policy Enforcement Manager), \u0434\u043e 15.1.10.6 (BIG-IP Policy Enforcement Manager), \u0434\u043e 17.1.2.1 (BIG-IP SSL Orchestrator), \u0434\u043e 16.1.5.2 (BIG-IP SSL Orchestrator), \u0434\u043e 15.1.10.6 (BIG-IP SSL Orchestrator), \u0434\u043e 17.1.2.1 (BIG-IP Webaccelerator), \u0434\u043e 16.1.5.2 (BIG-IP Webaccelerator), \u0434\u043e 15.1.10.6 (BIG-IP Webaccelerator), \u0434\u043e 17.1.2.1 (BIG-IP WebSafe), \u0434\u043e 16.1.5.2 (BIG-IP WebSafe), \u0434\u043e 15.1.10.6 (BIG-IP WebSafe)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u00ab\u0431\u0435\u043b\u043e\u0433\u043e\u00bb \u0441\u043f\u0438\u0441\u043a\u0430 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0442\u0438\u043b\u0438\u0442\u0435 tmsh;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 IControl REST;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u043f\u043e 22 , 443 \u0438 8443 TCP-\u043f\u043e\u0440\u0442\u0430\u043c;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://my.f5.com/manage/s/article/K000148587",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.02.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.02.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.02.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02003",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20029",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 TMOS Shell (tmsh) \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 IControl REST \u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP Access Policy Manager, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 TMOS Shell (tmsh) \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 IControl REST \u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP Access Policy Manager, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://my.f5.com/manage/s/article/K000148587\nhttps://github.com/mbadanoiu/CVE-2025-20029?tab=readme-ov-file\nhttps://github.com/mbadanoiu/CVE-2025-20029/blob/main/F5%20-%20CVE-2025-20029.pdf",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,7)"
}
NCSC-2025-0041
Vulnerability from csaf_ncscnl - Published: 2025-02-07 07:38 - Updated: 2025-02-11 06:51Summary
Kwetsbaarheden verholpen in F5 BIG-IP
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: F5 heeft kwetsbaarheden verholpen in BIG-IP.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Omzeilen van een beveiligingsmaatregel
- Uitvoer van willekeurige code (Root/admin)
- Uitvoer van willekeurige code (Gebruiker)
- Toegang tot gevoelige gegevens
Oplossingen: F5 heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-772: Missing Release of Resource after Effective Lifetime
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-311: Missing Encryption of Sensitive Data
CWE-426: Untrusted Search Path
CWE-345: Insufficient Verification of Data Authenticity
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190: Integer Overflow or Wraparound
CWE-693: Protection Mechanism Failure
CWE-125: Out-of-bounds Read
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-476: NULL Pointer Dereference
CWE-400: Uncontrolled Resource Consumption
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787: Out-of-bounds Write
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.0 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
CWE-693
- Protection Mechanism Failure
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
8.7 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
4.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
CWE-345
- Insufficient Verification of Data Authenticity
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
4.3 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
8.0 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
big-ip
f5
|
cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next
f5
|
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_central_manager
f5
|
cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_cnf
f5
|
cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*
|
— | |
|
big-ip_next_spk
f5
|
cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*
|
— | |
|
nginx_open_source
f5
|
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
|
— | |
|
nginx_plus
f5
|
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
|
— |
References
38 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "F5 heeft kwetsbaarheden verholpen in BIG-IP.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Omzeilen van een beveiligingsmaatregel\n- Uitvoer van willekeurige code (Root/admin)\n- Uitvoer van willekeurige code (Gebruiker)\n- Toegang tot gevoelige gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "F5 heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000138757"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000138932"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000139656"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000139778"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000140578"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000140920"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000140933"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000140947"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000140950"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000141003"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://my.f5.com/manage/s/article/K000148587"
}
],
"title": "Kwetsbaarheden verholpen in F5 BIG-IP",
"tracking": {
"current_release_date": "2025-02-11T06:51:17.629249Z",
"id": "NCSC-2025-0041",
"initial_release_date": "2025-02-07T07:38:11.981975Z",
"revision_history": [
{
"date": "2025-02-07T07:38:11.981975Z",
"number": "0",
"summary": "Initiele versie"
},
{
"date": "2025-02-11T06:51:17.629249Z",
"number": "1",
"summary": "Door een technisch issue is deze advisory eerder verstuurd met een invalide signature, waardoor automatische verwerking mogelijk verstoord is. Deze update verhelpt dat. Er is verder geen inhoudelijke wijziging."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "big-ip",
"product": {
"name": "big-ip",
"product_id": "CSAFPID-310988",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "big-ip_next",
"product": {
"name": "big-ip_next",
"product_id": "CSAFPID-636427",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "big-ip_next_central_manager",
"product": {
"name": "big-ip_next_central_manager",
"product_id": "CSAFPID-1620063",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "big-ip_next_cnf",
"product": {
"name": "big-ip_next_cnf",
"product_id": "CSAFPID-636429",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:big-ip_next_cnf:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "big-ip_next_spk",
"product": {
"name": "big-ip_next_spk",
"product_id": "CSAFPID-636428",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:big-ip_next_spk:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nginx_open_source",
"product": {
"name": "nginx_open_source",
"product_id": "CSAFPID-842689",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nginx_plus",
"product": {
"name": "nginx_plus",
"product_id": "CSAFPID-842688",
"product_identification_helper": {
"cpe": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "f5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0064",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2014-0064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2014/CVE-2014-0064.json"
}
],
"title": "CVE-2014-0064"
},
{
"cve": "CVE-2014-0065",
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2014-0065",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2014/CVE-2014-0065.json"
}
],
"title": "CVE-2014-0065"
},
{
"cve": "CVE-2014-0066",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2014-0066",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2014/CVE-2014-0066.json"
}
],
"title": "CVE-2014-0066"
},
{
"cve": "CVE-2014-0067",
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2014-0067",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2014/CVE-2014-0067.json"
}
],
"title": "CVE-2014-0067"
},
{
"cve": "CVE-2019-5010",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-5010",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-5010.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-16056",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-16056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2022-26488",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-26488",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26488.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2022-26488"
},
{
"cve": "CVE-2024-36242",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36242",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2024-36242"
},
{
"cve": "CVE-2024-38660",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38660",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2024-38660"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-20029",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20029",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20029.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-20029"
},
{
"cve": "CVE-2025-20045",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20045",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20045.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-20045"
},
{
"cve": "CVE-2025-20058",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-20058",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-20058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-20058"
},
{
"cve": "CVE-2025-21087",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21087",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-21087"
},
{
"cve": "CVE-2025-21091",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21091",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21091.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-21091"
},
{
"cve": "CVE-2025-22846",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22846",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22846.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-22846"
},
{
"cve": "CVE-2025-22891",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-22891"
},
{
"cve": "CVE-2025-23239",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23239",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23239.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-23239"
},
{
"cve": "CVE-2025-23412",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23412",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23412.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-23412"
},
{
"cve": "CVE-2025-23413",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23413",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23413.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-23413"
},
{
"cve": "CVE-2025-23415",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23415",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-23415"
},
{
"cve": "CVE-2025-23419",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23419",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-23419"
},
{
"cve": "CVE-2025-24312",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24312",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24312.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-24312"
},
{
"cve": "CVE-2025-24319",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24319",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24319.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-24319"
},
{
"cve": "CVE-2025-24320",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24320",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24320.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-24320"
},
{
"cve": "CVE-2025-24326",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24326",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24326.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-24326"
},
{
"cve": "CVE-2025-24497",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24497",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24497.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-310988",
"CSAFPID-636427",
"CSAFPID-1620063",
"CSAFPID-636429",
"CSAFPID-636428",
"CSAFPID-842689",
"CSAFPID-842688"
]
}
],
"title": "CVE-2025-24497"
}
]
}
WID-SEC-W-2025-0287
Vulnerability from csaf_certbund - Published: 2025-02-05 23:00 - Updated: 2025-02-23 23:00Summary
F5 BIG-IP: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: F5 FirePass ist ein SSL-VPN Gateway der F5 Corporation. Die BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.
Angriff: Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebige Systembefehle auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme: - F5 Networks
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— |
References
21 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "F5 FirePass ist ein SSL-VPN Gateway der F5 Corporation. Die BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebige Systembefehle auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- F5 Networks",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0287 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0287.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0287 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0287"
},
{
"category": "external",
"summary": "F5 Quarterly Security Notification vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000149540"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000148587"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000138757"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000140578"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000134888"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000138932"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000139780"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000139778"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000140920"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000140933"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000140947"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000140950"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000141003"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000141380"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000148412"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000149185"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000149173"
},
{
"category": "external",
"summary": "F5 Security Advisory vom 2025-02-05",
"url": "https://my.f5.com/manage/s/article/K000139656"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2025-02-23",
"url": "https://github.com/mbadanoiu/CVE-2025-20029"
}
],
"source_lang": "en-US",
"title": "F5 BIG-IP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-23T23:00:00.000+00:00",
"generator": {
"date": "2025-02-24T09:09:22.161+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0287",
"initial_release_date": "2025-02-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-02-06T23:00:00.000+00:00",
"number": "2",
"summary": "CVSS korrigiert"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "3",
"summary": "PoC aufgenommen und Bewertung angepasst"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T040887",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-20029",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-20029"
},
{
"cve": "CVE-2025-20045",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-20045"
},
{
"cve": "CVE-2025-20058",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-20058"
},
{
"cve": "CVE-2025-21087",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-21087"
},
{
"cve": "CVE-2025-21091",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-21091"
},
{
"cve": "CVE-2025-22846",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-22846"
},
{
"cve": "CVE-2025-22891",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-22891"
},
{
"cve": "CVE-2025-23239",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-23239"
},
{
"cve": "CVE-2025-23412",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-23412"
},
{
"cve": "CVE-2025-23413",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-23413"
},
{
"cve": "CVE-2025-23415",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-23415"
},
{
"cve": "CVE-2025-23419",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-23419"
},
{
"cve": "CVE-2025-24312",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-24312"
},
{
"cve": "CVE-2025-24319",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-24319"
},
{
"cve": "CVE-2025-24320",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-24320"
},
{
"cve": "CVE-2025-24326",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-24326"
},
{
"cve": "CVE-2025-24497",
"product_status": {
"known_affected": [
"T040887"
]
},
"release_date": "2025-02-05T23:00:00.000+00:00",
"title": "CVE-2025-24497"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…