Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-53521 (GCVE-0-2025-53521)
Vulnerability from cvelistv5 – Published: 2025-10-15 13:55 – Updated: 2026-03-31 16:04
VLAI?
EPSS
CISA KEV
Title
BigIP APM Vulnerability
Summary
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2025-10-15 14:00
Credits
F5 would like to thank Kristian Vlaardingerbroek, Hugo Trippaers, and other people of Schuberg Philis; Bart Vrancken; Fox-IT; and the National Cyber Security Centre (NCSC) in the Netherlands for their assistance in investigating this issue and following the highest standards of coordinated disclosure.
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: f2792b14-1f12-4e06-a8c5-a28a376b8c65
Exploited: Yes
Timestamps
First Seen: 2026-03-27
Asserted: 2026-03-27
Scope
Notes: KEV entry: F5 BIG-IP Unspecified Vulnerability | Affected: F5 / BIG-IP | Description: F5 BIG-IP AMP contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | BIG-IP |
| Due Date | 2026-03-30 |
| Date Added | 2026-03-27 |
| Vendorproject | F5 |
| Vulnerabilityname | F5 BIG-IP Unspecified Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-03-27 20:00 UTC
| Updated: 2026-03-27 20:00 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53521",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T03:55:47.100165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-29T13:56:45.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"APM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.5.1.3",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
},
{
"lessThan": "17.1.3",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.6.1",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10.8",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5 would like to thank Kristian Vlaardingerbroek, Hugo Trippaers, and other people of Schuberg Philis; Bart Vrancken; Fox-IT; and the National Cyber Security Centre (NCSC) in the Netherlands for their assistance in investigating this issue and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2025-10-15T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\u003c/span\u003e\u0026nbsp;\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
}
],
"value": "When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T16:04:27.360Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000156741"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BigIP APM Vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-53521",
"datePublished": "2025-10-15T13:55:52.694Z",
"dateReserved": "2025-10-03T23:04:38.083Z",
"dateUpdated": "2026-03-31T16:04:27.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2025-53521",
"dateAdded": "2026-03-27",
"dueDate": "2026-03-30",
"knownRansomwareCampaignUse": "Unknown",
"notes": "Please adhere to F5\u2019s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521",
"product": "BIG-IP",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.",
"vendorProject": "F5",
"vulnerabilityName": "F5 BIG-IP Unspecified Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-53521\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2025-10-15T14:15:48.377\",\"lastModified\":\"2026-03-31T17:12:31.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\u00a0\u00a0\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-03-27\",\"cisaActionDue\":\"2026-03-30\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"F5 BIG-IP Unspecified Vulnerability\",\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.10.8\",\"matchCriteriaId\":\"A7A0C1CA-EDEF-463F-B7C8-8B9E67239FC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.6.1\",\"matchCriteriaId\":\"6494E2A7-1473-46C0-97F8-90827D9466AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.3\",\"matchCriteriaId\":\"96D35435-27A7-4A88-9432-1F5AB0112B8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.5.0\",\"versionEndExcluding\":\"17.5.1.3\",\"matchCriteriaId\":\"252ED1A4-5F29-4440-B1BA-9621E6791812\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000156741\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53521\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-28T03:55:47.100165Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-03-27\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-15T15:32:22.317Z\"}}], \"cna\": {\"title\": \"BigIP APM Vulnerability\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"APM\"], \"product\": \"BIG-IP\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.5.0\", \"lessThan\": \"17.5.1.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17.1.0\", \"lessThan\": \"17.1.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16.1.0\", \"lessThan\": \"16.1.6.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"15.1.0\", \"lessThan\": \"15.1.10.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-10-15T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000156741\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\\u00a0\\u00a0\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWhen a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\u003c/span\u003e\u0026nbsp;\u0026nbsp;\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\\n\\n\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2026-03-27T17:54:37.332Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53521\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-29T13:56:45.917Z\", \"dateReserved\": \"2025-10-03T23:04:38.083Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2025-10-15T13:55:52.694Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-ALE-004
Vulnerability from certfr_alerte - Published: 2026-03-31 - Updated: 2026-03-31
Le 15 octobre 2025, F5 a publié un avis de sécurité concernant entre autres la vulnérabilité CVE-2025-53521. Celle-ci affecte BIG-IP APM et permet à un attaquant non authentifié d'exécuter du code à distance.
Le 29 mars 2026, l'éditeur indique que cette vulnérabilité est exploitée activement.
Le CERT-FR recommande d'effectuer une recherche de compromission en s'appuyant sur les éléments documentés par F5 dans son billet de blogue [1] :
- Indicateurs de compromission dans le système de fichiers :
- la présence des fichiers
/run/bigtlog.pipeou/run/bigstart.ltm; - des condensats des fichiers
/usr/bin/umountet/usr/sbin/httpddifférents de ceux des versions légitimes ; - des tailles de fichiers ou date de création des fichiers
/usr/bin/umountet/usr/sbin/httpddifférentes de celles des versions légitimes. - Indicateurs de compromission dans les journaux :
- dans les fichiers
/var/log/restjavad-audit.<NUMBER>.log, vérifier la présence d'entrées de la forme suivante, indiquant une requête iControl via API REST par un utilisateur local : - dans les fichiers
/var/log/auditd/audit.log.<NUMBER>, vérifier la présence d'entrées de la forme suivante, indiquant des tentatives de désactivation du système SELinux lors d'une requête iControl via API REST : - dans le fichier
/var/log/audit, vérifier la présence d'entrées de la forme suivante : - Indicateurs de compromission lors d'exécutions de commandes de contrôle :
- exécution de
sys‑eicheck: il s'agit d'un vérificateur d’intégrité du système, composant logiciel installé sur les appliances BIG‑IP. Il s’appuie sur la fonctionnalité de vérification d’intégrité des paquets RPM et confronte les exécutables présents sur le disque aux empreintes (condensats) stockées dans la base de données RPM. Lorsqu’une différence est constatée, le système alerte les utilisateurs.
L'exécution de cette commande peut indiquer des erreurs de conformité, en particulier concernant les fichiers - exécution de
lsof -n: le système est compromis si la présence de/run/bigtlog.pipeest avérée.
[ForwarderPassThroughWorker{"user":"local/f5hubblelcdadmin","method":"POST","uri":"http://localhost:8100/mgmt/tm/util/bash","status":200,"from":"Unknown"}
msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
user=f5hubblelcdadmin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash <VARIABLE_COMMAND>Cette entrée illustre un exemple de commande exécutée et consignée dans le journal d’audit, corrélée à la requête iControl REST mentionnée ci‑dessus.
/usr/bin/umount ou /usr/sbin/httpd.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP Access Policy Manager (tous les modules) versions 17.1.x antérieures à 17.1.3 | ||
| F5 | BIG-IP | BIG-IP Access Policy Manager (tous les modules) versions 15.1.x antérieures à 15.1.10.8 | ||
| F5 | BIG-IP | BIG-IP Access Policy Manager (tous les modules) versions 17.5.x antérieures à 17.5.1.3 | ||
| F5 | BIG-IP | BIG-IP Access Policy Manager (tous les modules) versions 16.1.x antérieures à 16.1.6.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Access Policy Manager (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Access Policy Manager (tous les modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Access Policy Manager (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Access Policy Manager (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"
}
],
"initial_release_date": "2026-03-31T00:00:00",
"last_revision_date": "2026-03-31T00:00:00",
"links": [
{
"title": "Consid\u00e9rations et conseils \u00e0 suivre si vous soup\u00e7onnez une faille de s\u00e9curit\u00e9 sur un syst\u00e8me BIG-IP",
"url": "https://my.f5.com/manage/s/article/K11438344"
},
{
"title": "[1] Marqueur de compromission pour c05d5254",
"url": "https://my.f5.com/manage/s/article/K000160486"
},
{
"title": "Avis CERT-FR CERTFR-2025-AVI-0886 du 16 octobre 2025",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0886/"
}
],
"reference": "CERTFR-2026-ALE-004",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Le 15 octobre 2025, F5 a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant entre autres la vuln\u00e9rabilit\u00e9 CVE-2025-53521. Celle-ci affecte BIG-IP APM et permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code \u00e0 distance.\u003cbr\u003e\nLe 29 mars 2026, l\u0027\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est exploit\u00e9e activement.\n\nLe CERT-FR recommande d\u0027effectuer une recherche de compromission en s\u0027appuyant sur les \u00e9l\u00e9ments document\u00e9s par F5 dans son billet de blogue [1] :\n\u003col\u003e\n\u003cli\u003eIndicateurs de compromission dans le syst\u00e8me de fichiers :\u003c/li\u003e\n\u003cul\u003e\n\u003cli\u003ela pr\u00e9sence des fichiers \u003ccode\u003e/run/bigtlog.pipe\u003c/code\u003e ou \u003ccode\u003e/run/bigstart.ltm\u003c/code\u003e ;\u003c/li\u003e\n\u003cli\u003edes condensats des fichiers \u003ccode\u003e/usr/bin/umount\u003c/code\u003e et \u003ccode\u003e/usr/sbin/httpd\u003c/code\u003e diff\u00e9rents de ceux des versions l\u00e9gitimes ;\u003c/li\u003e\n\u003cli\u003edes tailles de fichiers ou date de cr\u00e9ation des fichiers \u003ccode\u003e/usr/bin/umount\u003c/code\u003e et \u003ccode\u003e/usr/sbin/httpd\u003c/code\u003e diff\u00e9rentes de celles des versions l\u00e9gitimes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cli\u003eIndicateurs de compromission dans les journaux :\u003c/li\u003e\n\u003cul\u003e\n\u003cli\u003edans les fichiers \u003ccode\u003e/var/log/restjavad-audit.\u0026lt;NUMBER\u0026gt;.log\u003c/code\u003e, v\u00e9rifier la pr\u00e9sence d\u0027entr\u00e9es de la forme suivante, indiquant une requ\u00eate iControl via API REST par un utilisateur local :\u003c/li\u003e\n\u003cpre\u003e\n[ForwarderPassThroughWorker{\"user\":\"local/f5hubblelcdadmin\",\"method\":\"POST\",\"uri\":\"http://localhost:8100/mgmt/tm/util/bash\",\"status\":200,\"from\":\"Unknown\"}\n\u003c/pre\u003e\n\u003cli\u003edans les fichiers \u003ccode\u003e/var/log/auditd/audit.log.\u0026lt;NUMBER\u0026gt;\u003c/code\u003e, v\u00e9rifier la pr\u00e9sence d\u0027entr\u00e9es de la forme suivante, indiquant des tentatives de d\u00e9sactivation du syst\u00e8me SELinux lors d\u0027une requ\u00eate iControl via API REST :\u003c/li\u003e\n\u003cpre\u003e\nmsg=\u0027avc: received setenforce notice (enforcing=0) exe=\"/usr/lib/systemd/systemd\" sauid=0 hostname=? addr=? terminal=?\u0027\n\u003c/pre\u003e\n\u003cli\u003edans le fichier \u003ccode\u003e/var/log/audit\u003c/code\u003e, v\u00e9rifier la pr\u00e9sence d\u0027entr\u00e9es de la forme suivante :\u003c/li\u003e\n\u003cpre\u003e\nuser=f5hubblelcdadmin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash \u0026lt;VARIABLE_COMMAND\u0026gt;\n\u003c/pre\u003e\nCette entr\u00e9e illustre un exemple de commande ex\u00e9cut\u00e9e et consign\u00e9e dans le journal d\u2019audit, corr\u00e9l\u00e9e \u00e0 la requ\u00eate iControl\u202fREST mentionn\u00e9e ci\u2011dessus.\n\u003c/ul\u003e\n\u003cli\u003eIndicateurs de compromission lors d\u0027ex\u00e9cutions de commandes de contr\u00f4le :\u003c/li\u003e\n\u003cul\u003e\n\u003cli\u003eex\u00e9cution de \u003ccode\u003esys\u2011eicheck\u003c/code\u003e : il s\u0027agit d\u0027un v\u00e9rificateur d\u2019int\u00e9grit\u00e9 du syst\u00e8me, composant logiciel install\u00e9 sur les appliances BIG\u2011IP. Il s\u2019appuie sur la fonctionnalit\u00e9 de v\u00e9rification d\u2019int\u00e9grit\u00e9 des paquets RPM et confronte les ex\u00e9cutables pr\u00e9sents sur le disque aux empreintes (condensats) stock\u00e9es dans la base de donn\u00e9es RPM. Lorsqu\u2019une diff\u00e9rence est constat\u00e9e, le syst\u00e8me alerte les utilisateurs.\u003c/li\u003e\n\nL\u0027ex\u00e9cution de cette commande peut indiquer des erreurs de conformit\u00e9, en particulier concernant les fichiers \u003ccode\u003e/usr/bin/umount\u003c/code\u003e ou \u003ccode\u003e/usr/sbin/httpd\u003c/code\u003e.\n\n\u003cli\u003eex\u00e9cution de \u003ccode\u003elsof -n\u003c/code\u003e : le syst\u00e8me est compromis si la pr\u00e9sence de \u003ccode\u003e/run/bigtlog.pipe\u003c/code\u003e est av\u00e9r\u00e9e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/ol\u003e",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP Access Policy Manager",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000156741",
"url": "https://my.f5.com/manage/s/article/K000156741"
}
]
}
NCSC-2025-0319
Vulnerability from csaf_ncscnl - Published: 2025-10-15 15:21 - Updated: 2026-03-27 18:09Summary
Kwetsbaarheden verholpen in F5 Networks BIG-IP, F5OS en NGINX App Protect WAF
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: F5 Networks heeft kwetsbaarheden verholpen in de BIG-IP- en F5OS-productlijnen en NGINX App Protect WAF.
Interpretaties: De kwetsbaarheden omvatten verschillende configuratieproblemen en exploitatievectoren. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service
- Manipulatie van gegevens
- Uitvoeren van willekeurige code (root/adminrechten)
- Toegang tot gevoelige gegevens
- Verkrijgen van verhoogde rechten
Oplossingen: F5 Networks heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Aanvullend op bovengenoemd beveiligingsadvies heeft F5 Networks een websitebericht gepubliceerd over een beveiligingsincident op hun systemen. F5 Networks adviseert klanten hierin de laatste beveiligingsupdates zo snel mogelijk te installeren. Daarnaast heeft F5 Networks detectie- en hardeningmaatregelen gedeeld, en adviseert het bedrijf deze maatregelen in te zetten. Lees het websitebericht voor meer informatie.
**UPDATE 27/01/2026**
F5 heeft een update geplaatst op de website betreffende CVE-2025-53521. Het NCSC heeft waargenomen dat er misbruik is gemaakt van deze kwetsbaarheid.
Kans: medium
Schade: high
CWE-459: Incomplete Cleanup
CWE-476: NULL Pointer Dereference
CWE-672: Operation on a Resource after Expiration or Release
CWE-674: Uncontrolled Recursion
CWE-703: Improper Check or Handling of Exceptional Conditions
CWE-705: Incorrect Control Flow Scoping
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-824: Access of Uninitialized Pointer
CWE-1284: Improper Validation of Specified Quantity in Input
CWE-73: External Control of File Name or Path
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-125: Out-of-bounds Read
CWE-146: Improper Neutralization of Expression/Command Delimiters
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-214: Invocation of Process Using Visible Sensitive Information
CWE-250: Execution with Unnecessary Privileges
CWE-252: Unchecked Return Value
CWE-340: Generation of Predictable Numbers or Identifiers
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-404: Improper Resource Shutdown or Release
CWE-415: Double Free
CWE-416: Use After Free
CWE-425: Direct Request ('Forced Browsing')
CWE-457: Use of Uninitialized Variable
Configuring a BIG-IP Advanced WAF or ASM security policy with a URL longer than 1024 characters in the Data Guard Protection Enforcement setting can cause the bd process to repeatedly terminate.
7.5 (High)
Malformed JSON schemas in BIG-IP Advanced WAF or ASM Security Policies can cause the bd process to terminate when applied to a virtual server, with unsupported software versions excluded from evaluation.
7.5 (High)
Configuring HTTP/2 Ingress can cause Traffic Management Microkernel (TMM) termination due to handling undisclosed traffic, with unsupported software versions not evaluated for this issue.
7.5 (High)
Undisclosed traffic and disabling the Auto Last Hop setting when using the embedded Packet Velocity Acceleration (ePVA) feature on virtual servers, NAT, or SNAT objects can cause the Traffic Management Microkernel (TMM) to terminate on affected BIG-IP platforms.
7.5 (High)
Configuring a client SSL profile on a virtual server can cause increased memory usage due to undisclosed requests, with unsupported software versions not evaluated.
7.5 (High)
Configuring IPsec on the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic, with unsupported software versions not evaluated for this behavior.
7.5 (High)
Configuring a BIG-IP APM access policy on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing undisclosed traffic, with unsupported software versions not evaluated.
7.5 (High)
Configuring a per-request policy on a BIG-IP APM portal access virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed traffic, with unsupported software versions not evaluated.
7.5 (High)
Configuring a BIG-IP APM OAuth access profile on a virtual server can cause the apmd process to terminate due to undisclosed traffic, with unsupported software versions not evaluated.
7.5 (High)
An iRule using the ILX::call command on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic, with unsupported software versions not evaluated.
7.5 (High)
Undisclosed traffic on multi-bladed platforms with multiple blades can cause the Traffic Management Microkernel (TMM) to terminate, with software versions past End of Technical Support not evaluated.
7.5 (High)
Configuring a BIG-IP Advanced WAF or ASM security policy on a virtual server may cause the bd process to terminate when handling certain undisclosed requests, with unsupported software versions not evaluated.
7.5 (High)
Configuring the Allowed IP Addresses feature to 'All' on the F5OS-C partition control plane can cause multiple container terminations due to undisclosed traffic, affecting only F5OS-C partitions and not the controller layer.
7.5 (High)
An authenticated attacker with resource administrator privileges can exploit a vulnerability in iControl REST and BIG-IP TMOS Shell commands to execute arbitrary system commands with elevated privileges, crossing security boundaries.
8.7 (High)
A vulnerability in the iHealth utility of TMOS Shell (tmsh) on BIG-IP systems in Appliance mode allows an authenticated resource administrator to bypass tmsh restrictions and gain unauthorized bash shell access, crossing security boundaries.
8.7 (High)
Configuring the BIG-IP system as both a SAML service provider and Identity Provider with single logout enabled can cause increased memory usage due to undisclosed requests, particularly on unsupported software versions.
6.5 (Medium)
Undisclosed SNMP requests on F5OS Appliance and Chassis systems, including F5OS-A and F5OS-C, can lead to increased SNMP memory resource utilization, with unsupported software versions not evaluated.
6.5 (Medium)
Repeated undisclosed API calls on BIG-IP Next CNF, SPK, and Kubernetes systems can cause the Traffic Management Microkernel (TMM) to terminate, with unsupported software versions not evaluated.
6.5 (Medium)
Configuring an iRule on a virtual server via the declarative API can cause increased Traffic Management Microkernel (TMM) memory usage during re-instantiation cleanup, with unsupported software versions not evaluated.
6.5 (Medium)
A stored cross-site scripting (XSS) vulnerability in an undisclosed page of the BIG-IP Configuration utility allows attackers to execute JavaScript as the logged-in user, affecting unsupported software versions.
6.1 (Medium)
Hardware systems incorporating a High-Speed Bridge (HSB) may experience a lockup under specific, undisclosed traffic conditions influenced by factors beyond an attacker's control, with unsupported software versions not evaluated.
5.9 (Medium)
In Appliance mode, a highly privileged authenticated attacker with SCP and SFTP access may bypass restrictions using undisclosed commands, including on unsupported software versions not evaluated.
8.7 (High)
A vulnerability in F5OS-A and F5OS-C systems allows an authenticated local attacker to escalate privileges and potentially cross security boundaries, affecting certain software versions.
8.8 (High)
A vulnerability in F5OS-A and F5OS-C systems allows an authenticated local attacker to escalate privileges and potentially cross security boundaries, affecting supported versions with unsupported versions not evaluated.
8.8 (High)
Configuring Diffie-Hellman ECC Brainpool curves in an SSL profile's Cipher Rule or Group on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic.
7.5 (High)
Enabling Multipath TCP (MPTCP) on a TCP profile for a virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to specific undisclosed traffic and uncontrollable external conditions.
7.5 (High)
Enabling DNS cache on BIG-IP or BIG-IP Next CNF virtual servers can increase memory usage due to undisclosed DNS queries, with unsupported software versions not evaluated.
7.5 (High)
Enabling BIG-IP SSL Orchestrator may cause the Traffic Management Microkernel (TMM) to terminate unexpectedly when processing certain undisclosed traffic, particularly on unsupported software versions.
7.5 (High)
Configuring BIG-IP Advanced WAF and ASM security policies with a server-side HTTP/2 profile on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed traffic issues.
7.5 (High)
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a DTLS 1.2 virtual server uses a Server SSL profile with certificate, key, and SSL Sign Hash set to ANY, alongside a backend server with DTLS 1.2 and client authentication enabled.
7.5 (High)
Enabling the proxy connect feature on a BIG-IP SSL Orchestrator explicit forward proxy configured on a virtual server may cause memory corruption due to undisclosed traffic handling issues.
7.5 (High)
Configuring a classification profile on a virtual server without an HTTP or HTTP/2 profile can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed requests, with unsupported software versions not evaluated.
7.5 (High)
Using an iRule with the HTTP::respond command on a virtual server can cause increased memory usage due to certain unspecified requests, with unsupported software versions not evaluated.
7.5 (High)
Configuring a BIG-IP AFM DoS protection profile on a virtual server can cause the Traffic Management Microkernel (TMM) process to terminate due to undisclosed requests, with unsupported software versions not evaluated.
7.5 (High)
An out-of-bounds write vulnerability in F5OS-A and F5OS-C can lead to memory corruption, with unsupported software versions not evaluated for this issue.
5.7 (Medium)
A validation vulnerability and an arbitrary file upload vulnerability exist in an undisclosed URL within the Configuration utility, excluding software versions that have reached End of Technical Support.
6.5 (Medium)
A highly-privileged attacker using passwords with special shell metacharacters can execute arbitrary system commands, causing the rSeries FIPS hardware security module to fail initialization and potentially cross security boundaries.
5.7 (Medium)
Unauthenticated remote attackers can access undisclosed endpoints containing static non-sensitive information on the BIG-IP system via the Configuration utility, excluding versions that have reached End of Technical Support.
5.3 (Medium)
Configuring BIG-IP Advanced WAF with SSRF protection or NGINX with App Protect Bot Defense can cause undisclosed requests to disrupt new client requests, with unsupported software versions not evaluated.
5.3 (Medium)
A reflected cross-site scripting (XSS) vulnerability in an undisclosed page of BIG-IP APM allows attackers to execute JavaScript in the context of a targeted logged-out user.
6.1 (Medium)
A directory traversal vulnerability in the TMUI and BIG-IP Configuration utility allows highly privileged authenticated attackers to access unauthorized files beyond intended scope, affecting certain versions of F5 Networks products.
4.9 (Medium)
A vulnerability in F5OS-A software on F5 rSeries systems allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information, excluding versions that have reached End of Technical Support.
4.1 (Medium)
On BIG-IP systems, undisclosed traffic can result in data corruption and unauthorized data modification in protocols that lack message integrity protection, with unsupported software versions not evaluated.
5.3 (Medium)
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "F5 Networks heeft kwetsbaarheden verholpen in de BIG-IP- en F5OS-productlijnen en NGINX App Protect WAF.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten verschillende configuratieproblemen en exploitatievectoren. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service\n- Manipulatie van gegevens\n- Uitvoeren van willekeurige code (root/adminrechten)\n- Toegang tot gevoelige gegevens\n- Verkrijgen van verhoogde rechten\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "F5 Networks heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.\n\nAanvullend op bovengenoemd beveiligingsadvies heeft F5 Networks een websitebericht gepubliceerd over een beveiligingsincident op hun systemen. F5 Networks adviseert klanten hierin de laatste beveiligingsupdates zo snel mogelijk te installeren. Daarnaast heeft F5 Networks detectie- en hardeningmaatregelen gedeeld, en adviseert het bedrijf deze maatregelen in te zetten. Lees het websitebericht voor meer informatie.\n\n**UPDATE 27/01/2026**\n\nF5 heeft een update geplaatst op de website betreffende CVE-2025-53521. Het NCSC heeft waargenomen dat er misbruik is gemaakt van deze kwetsbaarheid.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Operation on a Resource after Expiration or Release",
"title": "CWE-672"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Incorrect Control Flow Scoping",
"title": "CWE-705"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Access of Uninitialized Pointer",
"title": "CWE-824"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"title": "CWE-95"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Expression/Command Delimiters",
"title": "CWE-146"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Invocation of Process Using Visible Sensitive Information",
"title": "CWE-214"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Generation of Predictable Numbers or Identifiers",
"title": "CWE-340"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Direct Request (\u0027Forced Browsing\u0027)",
"title": "CWE-425"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://my.f5.com/manage/s/article/K000154696"
},
{
"category": "external",
"summary": "Reference",
"url": "https://my.f5.com/manage/s/article/K000156572"
},
{
"category": "external",
"summary": "Reference",
"url": "https://my.f5.com/manage/s/article/K000156741"
}
],
"title": "Kwetsbaarheden verholpen in F5 Networks BIG-IP, F5OS en NGINX App Protect WAF",
"tracking": {
"current_release_date": "2026-03-27T18:09:03.259108Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0319",
"initial_release_date": "2025-10-15T15:21:14.871532Z",
"revision_history": [
{
"date": "2025-10-15T15:21:14.871532Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2026-03-27T18:09:03.259108Z",
"number": "1.0.1",
"summary": "New revision"
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "BIG-IP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "F5OS - Appliance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "F5OS - Chassis"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "F5OS-A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "F5OS-C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "NGINX App Protect WAF"
}
],
"category": "vendor",
"name": "F5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61938",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "description",
"text": "Configuring a BIG-IP Advanced WAF or ASM security policy with a URL longer than 1024 characters in the Data Guard Protection Enforcement setting can cause the bd process to repeatedly terminate.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61938"
},
{
"cve": "CVE-2025-54858",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Malformed JSON schemas in BIG-IP Advanced WAF or ASM Security Policies can cause the bd process to terminate when applied to a virtual server, with unsupported software versions excluded from evaluation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54858 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54858.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54858"
},
{
"cve": "CVE-2025-58120",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Configuring HTTP/2 Ingress can cause Traffic Management Microkernel (TMM) termination due to handling undisclosed traffic, with unsupported software versions not evaluated for this issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58120 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58120.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58120"
},
{
"cve": "CVE-2025-53856",
"cwe": {
"id": "CWE-705",
"name": "Incorrect Control Flow Scoping"
},
"notes": [
{
"category": "other",
"text": "Incorrect Control Flow Scoping",
"title": "CWE-705"
},
{
"category": "description",
"text": "Undisclosed traffic and disabling the Auto Last Hop setting when using the embedded Packet Velocity Acceleration (ePVA) feature on virtual servers, NAT, or SNAT objects can cause the Traffic Management Microkernel (TMM) to terminate on affected BIG-IP platforms.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53856 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53856.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53856"
},
{
"cve": "CVE-2025-61974",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "description",
"text": "Configuring a client SSL profile on a virtual server can cause increased memory usage due to undisclosed requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61974 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61974.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61974"
},
{
"cve": "CVE-2025-58071",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Configuring IPsec on the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic, with unsupported software versions not evaluated for this behavior.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58071 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58071.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58071"
},
{
"cve": "CVE-2025-53521",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Configuring a BIG-IP APM access policy on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing undisclosed traffic, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53521 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53521.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53521"
},
{
"cve": "CVE-2025-61960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Configuring a per-request policy on a BIG-IP APM portal access virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed traffic, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61960 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61960.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61960"
},
{
"cve": "CVE-2025-54854",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Configuring a BIG-IP APM OAuth access profile on a virtual server can cause the apmd process to terminate due to undisclosed traffic, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54854 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54854.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54854"
},
{
"cve": "CVE-2025-53474",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "An iRule using the ILX::call command on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53474 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53474.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53474"
},
{
"cve": "CVE-2025-61990",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Undisclosed traffic on multi-bladed platforms with multiple blades can cause the Traffic Management Microkernel (TMM) to terminate, with software versions past End of Technical Support not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61990"
},
{
"cve": "CVE-2025-61935",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Configuring a BIG-IP Advanced WAF or ASM security policy on a virtual server may cause the bd process to terminate when handling certain undisclosed requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61935 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61935"
},
{
"cve": "CVE-2025-59778",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Configuring the Allowed IP Addresses feature to \u0027All\u0027 on the F5OS-C partition control plane can cause multiple container terminations due to undisclosed traffic, affecting only F5OS-C partitions and not the controller layer.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59778 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59778.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59778"
},
{
"cve": "CVE-2025-59481",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "description",
"text": "An authenticated attacker with resource administrator privileges can exploit a vulnerability in iControl REST and BIG-IP TMOS Shell commands to execute arbitrary system commands with elevated privileges, crossing security boundaries.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59481 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59481.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59481"
},
{
"cve": "CVE-2025-61958",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "description",
"text": "A vulnerability in the iHealth utility of TMOS Shell (tmsh) on BIG-IP systems in Appliance mode allows an authenticated resource administrator to bypass tmsh restrictions and gain unauthorized bash shell access, crossing security boundaries.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61958.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61958"
},
{
"cve": "CVE-2025-47148",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Configuring the BIG-IP system as both a SAML service provider and Identity Provider with single logout enabled can cause increased memory usage due to undisclosed requests, particularly on unsupported software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47148 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-47148.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-47148"
},
{
"cve": "CVE-2025-47150",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "description",
"text": "Undisclosed SNMP requests on F5OS Appliance and Chassis systems, including F5OS-A and F5OS-C, can lead to increased SNMP memory resource utilization, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47150 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-47150.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-47150"
},
{
"cve": "CVE-2025-55670",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Repeated undisclosed API calls on BIG-IP Next CNF, SPK, and Kubernetes systems can cause the Traffic Management Microkernel (TMM) to terminate, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55670 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55670.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-55670"
},
{
"cve": "CVE-2025-54805",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "description",
"text": "Configuring an iRule on a virtual server via the declarative API can cause increased Traffic Management Microkernel (TMM) memory usage during re-instantiation cleanup, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54805 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54805.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54805"
},
{
"cve": "CVE-2025-59269",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A stored cross-site scripting (XSS) vulnerability in an undisclosed page of the BIG-IP Configuration utility allows attackers to execute JavaScript as the logged-in user, affecting unsupported software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59269 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59269.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59269"
},
{
"cve": "CVE-2025-58153",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "description",
"text": "Hardware systems incorporating a High-Speed Bridge (HSB) may experience a lockup under specific, undisclosed traffic conditions influenced by factors beyond an attacker\u0027s control, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58153 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58153.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58153"
},
{
"cve": "CVE-2025-53868",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "In Appliance mode, a highly privileged authenticated attacker with SCP and SFTP access may bypass restrictions using undisclosed commands, including on unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53868 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53868.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53868"
},
{
"cve": "CVE-2025-61955",
"cwe": {
"id": "CWE-95",
"name": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"title": "CWE-95"
},
{
"category": "description",
"text": "A vulnerability in F5OS-A and F5OS-C systems allows an authenticated local attacker to escalate privileges and potentially cross security boundaries, affecting certain software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61955 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61955.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61955"
},
{
"cve": "CVE-2025-57780",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "description",
"text": "A vulnerability in F5OS-A and F5OS-C systems allows an authenticated local attacker to escalate privileges and potentially cross security boundaries, affecting supported versions with unsupported versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57780 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57780.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-57780"
},
{
"cve": "CVE-2025-60016",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Configuring Diffie-Hellman ECC Brainpool curves in an SSL profile\u0027s Cipher Rule or Group on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed traffic.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60016 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60016.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-60016"
},
{
"cve": "CVE-2025-48008",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Enabling Multipath TCP (MPTCP) on a TCP profile for a virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to specific undisclosed traffic and uncontrollable external conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48008 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48008.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-48008"
},
{
"cve": "CVE-2025-59781",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "description",
"text": "Enabling DNS cache on BIG-IP or BIG-IP Next CNF virtual servers can increase memory usage due to undisclosed DNS queries, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59781 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59781.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59781"
},
{
"cve": "CVE-2025-41430",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Enabling BIG-IP SSL Orchestrator may cause the Traffic Management Microkernel (TMM) to terminate unexpectedly when processing certain undisclosed traffic, particularly on unsupported software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41430 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41430.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-41430"
},
{
"cve": "CVE-2025-55669",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "other",
"text": "Operation on a Resource after Expiration or Release",
"title": "CWE-672"
},
{
"category": "description",
"text": "Configuring BIG-IP Advanced WAF and ASM security policies with a server-side HTTP/2 profile on a virtual server can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed traffic issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55669 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55669.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-55669"
},
{
"cve": "CVE-2025-61951",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a DTLS 1.2 virtual server uses a Server SSL profile with certificate, key, and SSL Sign Hash set to ANY, alongside a backend server with DTLS 1.2 and client authentication enabled.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61951"
},
{
"cve": "CVE-2025-55036",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Enabling the proxy connect feature on a BIG-IP SSL Orchestrator explicit forward proxy configured on a virtual server may cause memory corruption due to undisclosed traffic handling issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55036 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55036.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-55036"
},
{
"cve": "CVE-2025-54479",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Configuring a classification profile on a virtual server without an HTTP or HTTP/2 profile can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54479 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54479.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54479"
},
{
"cve": "CVE-2025-46706",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Using an iRule with the HTTP::respond command on a virtual server can cause increased memory usage due to certain unspecified requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46706 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46706.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-46706"
},
{
"cve": "CVE-2025-59478",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "other",
"text": "Access of Uninitialized Pointer",
"title": "CWE-824"
},
{
"category": "description",
"text": "Configuring a BIG-IP AFM DoS protection profile on a virtual server can cause the Traffic Management Microkernel (TMM) process to terminate due to undisclosed requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59478 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59478.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59478"
},
{
"cve": "CVE-2025-60015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "An out-of-bounds write vulnerability in F5OS-A and F5OS-C can lead to memory corruption, with unsupported software versions not evaluated for this issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60015 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60015.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-60015"
},
{
"cve": "CVE-2025-59483",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "A validation vulnerability and an arbitrary file upload vulnerability exist in an undisclosed URL within the Configuration utility, excluding software versions that have reached End of Technical Support.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59483 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59483.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59483"
},
{
"cve": "CVE-2025-60013",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "A highly-privileged attacker using passwords with special shell metacharacters can execute arbitrary system commands, causing the rSeries FIPS hardware security module to fail initialization and potentially cross security boundaries.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60013 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60013.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-60013"
},
{
"cve": "CVE-2025-59268",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "other",
"text": "Direct Request (\u0027Forced Browsing\u0027)",
"title": "CWE-425"
},
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Unauthenticated remote attackers can access undisclosed endpoints containing static non-sensitive information on the BIG-IP system via the Configuration utility, excluding versions that have reached End of Technical Support.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59268 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59268.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-59268"
},
{
"cve": "CVE-2025-58474",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Configuring BIG-IP Advanced WAF with SSRF protection or NGINX with App Protect Bot Defense can cause undisclosed requests to disrupt new client requests, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58474 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58474.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58474"
},
{
"cve": "CVE-2025-61933",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A reflected cross-site scripting (XSS) vulnerability in an undisclosed page of BIG-IP APM allows attackers to execute JavaScript in the context of a targeted logged-out user.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61933 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61933.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-61933"
},
{
"cve": "CVE-2025-54755",
"cwe": {
"id": "CWE-146",
"name": "Improper Neutralization of Expression/Command Delimiters"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Expression/Command Delimiters",
"title": "CWE-146"
},
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A directory traversal vulnerability in the TMUI and BIG-IP Configuration utility allows highly privileged authenticated attackers to access unauthorized files beyond intended scope, affecting certain versions of F5 Networks products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54755 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-54755"
},
{
"cve": "CVE-2025-53860",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Invocation of Process Using Visible Sensitive Information",
"title": "CWE-214"
},
{
"category": "description",
"text": "A vulnerability in F5OS-A software on F5 rSeries systems allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information, excluding versions that have reached End of Technical Support.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53860 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53860.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-53860"
},
{
"cve": "CVE-2025-58424",
"cwe": {
"id": "CWE-340",
"name": "Generation of Predictable Numbers or Identifiers"
},
"notes": [
{
"category": "other",
"text": "Generation of Predictable Numbers or Identifiers",
"title": "CWE-340"
},
{
"category": "description",
"text": "On BIG-IP systems, undisclosed traffic can result in data corruption and unauthorized data modification in protocols that lack message integrity protection, with unsupported software versions not evaluated.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58424 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58424.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7"
]
}
],
"title": "CVE-2025-58424"
}
]
}
WID-SEC-W-2025-2310
Vulnerability from csaf_certbund - Published: 2025-10-15 22:00 - Updated: 2026-03-31 22:00Summary
F5 BIG-IP und F5OS: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.
F5OS ist ein modulares Betriebssystem von F5 Networks, das für den Einsatz auf deren Hardware-Plattformen konzipiert ist.
Angriff: Ein Angreifer kann mehrere Schwachstellen in F5 BIG-IP und F5 F5OS ausnutzen, um Sicherheitsmechanismen zu umgehen, seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand (DoS) herbeizuführen, einen Cross-Site-Scripting-Angriff (XSS) durchzuführen und Informationen offenzulegen oder zu manipulieren, sowie um Code auszuführen.
Betroffene Betriebssysteme: - F5 Networks
References
| URL | Category | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BIG-IP ist eine Netzwerk Appliance auf der die meisten F5 Produkte laufen.\r\nF5OS ist ein modulares Betriebssystem von F5 Networks, das f\u00fcr den Einsatz auf deren Hardware-Plattformen konzipiert ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in F5 BIG-IP und F5 F5OS ausnutzen, um Sicherheitsmechanismen zu umgehen, seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand (DoS) herbeizuf\u00fchren, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren und Informationen offenzulegen oder zu manipulieren, sowie um Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- F5 Networks",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2310 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2310.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2310 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2310"
},
{
"category": "external",
"summary": "F5 Quarterly Security Notification October 2025 vom 2025-10-15",
"url": "https://my.f5.com/manage/s/article/K000156572"
},
{
"category": "external",
"summary": "F5 Security Incident Notification vom 2025-10-15",
"url": "https://my.f5.com/manage/s/article/K000154696"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2026-03-29",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2025-53521 vom 2026-03-31",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53521"
},
{
"category": "external",
"summary": "F5 Security Advisory K000156741 vom 2026-04-01",
"url": "https://my.f5.com/manage/s/article/K000156741"
}
],
"source_lang": "en-US",
"title": "F5 BIG-IP und F5OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-31T22:00:00.000+00:00",
"generator": {
"date": "2026-04-01T05:44:14.485+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2310",
"initial_release_date": "2025-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-34622"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "3",
"summary": "Aktive Ausnutzung gemeldet"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "4",
"summary": "CVE-2025-53521 von F5 neu bewertet, Codeausf\u00fchrung m\u00f6glich"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T042765",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
},
{
"category": "product_name",
"name": "F5 F5OS",
"product": {
"name": "F5 F5OS",
"product_id": "1072194",
"product_identification_helper": {
"cpe": "cpe:/o:f5:f5os:-"
}
}
}
],
"category": "vendor",
"name": "F5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41430",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-41430"
},
{
"cve": "CVE-2025-46706",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-46706"
},
{
"cve": "CVE-2025-47148",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-47148"
},
{
"cve": "CVE-2025-47150",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-47150"
},
{
"cve": "CVE-2025-48008",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-48008"
},
{
"cve": "CVE-2025-53474",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-53474"
},
{
"cve": "CVE-2025-53521",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-53521"
},
{
"cve": "CVE-2025-53856",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-53856"
},
{
"cve": "CVE-2025-53860",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-53860"
},
{
"cve": "CVE-2025-53868",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-53868"
},
{
"cve": "CVE-2025-54479",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-54479"
},
{
"cve": "CVE-2025-54755",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-54755"
},
{
"cve": "CVE-2025-54805",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-54805"
},
{
"cve": "CVE-2025-54854",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-54854"
},
{
"cve": "CVE-2025-54858",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-54858"
},
{
"cve": "CVE-2025-55036",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-55036"
},
{
"cve": "CVE-2025-55669",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-55669"
},
{
"cve": "CVE-2025-55670",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-55670"
},
{
"cve": "CVE-2025-57780",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-57780"
},
{
"cve": "CVE-2025-58071",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58071"
},
{
"cve": "CVE-2025-58096",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58096"
},
{
"cve": "CVE-2025-58120",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58120"
},
{
"cve": "CVE-2025-58153",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58153"
},
{
"cve": "CVE-2025-58424",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58424"
},
{
"cve": "CVE-2025-58474",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-58474"
},
{
"cve": "CVE-2025-59268",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59268"
},
{
"cve": "CVE-2025-59269",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59269"
},
{
"cve": "CVE-2025-59478",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59478"
},
{
"cve": "CVE-2025-59481",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59481"
},
{
"cve": "CVE-2025-59483",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59483"
},
{
"cve": "CVE-2025-59778",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59778"
},
{
"cve": "CVE-2025-59781",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-59781"
},
{
"cve": "CVE-2025-60013",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-60013"
},
{
"cve": "CVE-2025-60015",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-60015"
},
{
"cve": "CVE-2025-60016",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-60016"
},
{
"cve": "CVE-2025-61933",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61933"
},
{
"cve": "CVE-2025-61935",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61935"
},
{
"cve": "CVE-2025-61938",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61938"
},
{
"cve": "CVE-2025-61951",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61951"
},
{
"cve": "CVE-2025-61955",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61955"
},
{
"cve": "CVE-2025-61958",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61958"
},
{
"cve": "CVE-2025-61960",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61960"
},
{
"cve": "CVE-2025-61974",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61974"
},
{
"cve": "CVE-2025-61990",
"product_status": {
"known_affected": [
"T042765",
"1072194"
]
},
"release_date": "2025-10-15T22:00:00.000+00:00",
"title": "CVE-2025-61990"
}
]
}
CERTFR-2025-AVI-0886
Vulnerability from certfr_avis - Published: 2025-10-16 - Updated: 2025-10-16
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP Next | BIG-IP Next pour Kubernetes versions 2.1.x antérieures à 2.1.0 EHF-2 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.x antérieures à 1.7.15 EHF-2 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 15.1.x antérieures à 15.1.10.8 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.5.x antérieures à 17.5.1.3 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.1.x antérieures à 17.1.3 | ||
| F5 | NGINX | NGINX App Protect WAF versions antérieures à 4.7.0 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.4.x antérieures à 1.4.0 EHF-3 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 16.1.x antérieures à 16.1.6.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Next pour Kubernetes versions 2.1.x ant\u00e9rieures \u00e0 2.1.0 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.15 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.7.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.4.x ant\u00e9rieures \u00e0 1.4.0 EHF-3",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-48008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48008"
},
{
"name": "CVE-2025-53521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"
},
{
"name": "CVE-2025-54858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54858"
},
{
"name": "CVE-2025-59478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59478"
},
{
"name": "CVE-2025-61990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61990"
},
{
"name": "CVE-2025-55670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55670"
},
{
"name": "CVE-2025-58153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58153"
},
{
"name": "CVE-2025-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58071"
},
{
"name": "CVE-2025-55036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55036"
},
{
"name": "CVE-2025-53868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53868"
},
{
"name": "CVE-2025-60015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60015"
},
{
"name": "CVE-2025-59481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59481"
},
{
"name": "CVE-2025-54479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54479"
},
{
"name": "CVE-2025-41430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41430"
},
{
"name": "CVE-2025-59483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59483"
},
{
"name": "CVE-2025-59778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59778"
},
{
"name": "CVE-2025-59268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59268"
},
{
"name": "CVE-2025-53860",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53860"
},
{
"name": "CVE-2025-54805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54805"
},
{
"name": "CVE-2025-61935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61935"
},
{
"name": "CVE-2025-57780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57780"
},
{
"name": "CVE-2025-61938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61938"
},
{
"name": "CVE-2025-61951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61951"
},
{
"name": "CVE-2025-59781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59781"
},
{
"name": "CVE-2025-53474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53474"
},
{
"name": "CVE-2025-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58096"
},
{
"name": "CVE-2025-61974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61974"
},
{
"name": "CVE-2025-53856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53856"
},
{
"name": "CVE-2025-58424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58424"
},
{
"name": "CVE-2025-60013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60013"
},
{
"name": "CVE-2025-60016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60016"
},
{
"name": "CVE-2025-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47150"
},
{
"name": "CVE-2025-58120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58120"
},
{
"name": "CVE-2025-61958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61958"
},
{
"name": "CVE-2025-59269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59269"
},
{
"name": "CVE-2025-54854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54854"
},
{
"name": "CVE-2025-54755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54755"
},
{
"name": "CVE-2025-61955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61955"
},
{
"name": "CVE-2025-61960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61960"
},
{
"name": "CVE-2025-58474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58474"
},
{
"name": "CVE-2025-61933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61933"
},
{
"name": "CVE-2025-47148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47148"
},
{
"name": "CVE-2025-29481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29481"
},
{
"name": "CVE-2025-46706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46706"
},
{
"name": "CVE-2025-55669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55669"
}
],
"initial_release_date": "2025-10-16T00:00:00",
"last_revision_date": "2025-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0886",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000156572",
"url": "https://my.f5.com/manage/s/article/K000156572"
}
]
}
CERTFR-2025-AVI-0886
Vulnerability from certfr_avis - Published: 2025-10-16 - Updated: 2025-10-16
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP Next | BIG-IP Next pour Kubernetes versions 2.1.x antérieures à 2.1.0 EHF-2 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.x antérieures à 1.7.15 EHF-2 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 15.1.x antérieures à 15.1.10.8 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.5.x antérieures à 17.5.1.3 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.x antérieures à 2.1.0 EHF-1 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 17.1.x antérieures à 17.1.3 | ||
| F5 | NGINX | NGINX App Protect WAF versions antérieures à 4.7.0 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.4.x antérieures à 1.4.0 EHF-3 | ||
| F5 | BIG-IP | BIG-IP (tous les modules) versions 16.1.x antérieures à 16.1.6.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Next pour Kubernetes versions 2.1.x ant\u00e9rieures \u00e0 2.1.0 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.15 EHF-2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.8",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.7.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.4.x ant\u00e9rieures \u00e0 1.4.0 EHF-3",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-48008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48008"
},
{
"name": "CVE-2025-53521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"
},
{
"name": "CVE-2025-54858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54858"
},
{
"name": "CVE-2025-59478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59478"
},
{
"name": "CVE-2025-61990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61990"
},
{
"name": "CVE-2025-55670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55670"
},
{
"name": "CVE-2025-58153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58153"
},
{
"name": "CVE-2025-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58071"
},
{
"name": "CVE-2025-55036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55036"
},
{
"name": "CVE-2025-53868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53868"
},
{
"name": "CVE-2025-60015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60015"
},
{
"name": "CVE-2025-59481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59481"
},
{
"name": "CVE-2025-54479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54479"
},
{
"name": "CVE-2025-41430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41430"
},
{
"name": "CVE-2025-59483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59483"
},
{
"name": "CVE-2025-59778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59778"
},
{
"name": "CVE-2025-59268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59268"
},
{
"name": "CVE-2025-53860",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53860"
},
{
"name": "CVE-2025-54805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54805"
},
{
"name": "CVE-2025-61935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61935"
},
{
"name": "CVE-2025-57780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57780"
},
{
"name": "CVE-2025-61938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61938"
},
{
"name": "CVE-2025-61951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61951"
},
{
"name": "CVE-2025-59781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59781"
},
{
"name": "CVE-2025-53474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53474"
},
{
"name": "CVE-2025-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58096"
},
{
"name": "CVE-2025-61974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61974"
},
{
"name": "CVE-2025-53856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53856"
},
{
"name": "CVE-2025-58424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58424"
},
{
"name": "CVE-2025-60013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60013"
},
{
"name": "CVE-2025-60016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60016"
},
{
"name": "CVE-2025-47150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47150"
},
{
"name": "CVE-2025-58120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58120"
},
{
"name": "CVE-2025-61958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61958"
},
{
"name": "CVE-2025-59269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59269"
},
{
"name": "CVE-2025-54854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54854"
},
{
"name": "CVE-2025-54755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54755"
},
{
"name": "CVE-2025-61955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61955"
},
{
"name": "CVE-2025-61960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61960"
},
{
"name": "CVE-2025-58474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58474"
},
{
"name": "CVE-2025-61933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61933"
},
{
"name": "CVE-2025-47148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47148"
},
{
"name": "CVE-2025-29481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29481"
},
{
"name": "CVE-2025-46706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46706"
},
{
"name": "CVE-2025-55669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55669"
}
],
"initial_release_date": "2025-10-16T00:00:00",
"last_revision_date": "2025-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0886",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000156572",
"url": "https://my.f5.com/manage/s/article/K000156572"
}
]
}
FKIE_CVE-2025-53521
Vulnerability from fkie_nvd - Published: 2025-10-15 14:15 - Updated: 2026-03-31 17:12
Severity ?
Summary
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K000156741 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * |
{
"cisaActionDue": "2026-03-30",
"cisaExploitAdd": "2026-03-27",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "F5 BIG-IP Unspecified Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A0C1CA-EDEF-463F-B7C8-8B9E67239FC1",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6494E2A7-1473-46C0-97F8-90827D9466AA",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D35435-27A7-4A88-9432-1F5AB0112B8C",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "252ED1A4-5F29-4440-B1BA-9621E6791812",
"versionEndExcluding": "17.5.1.3",
"versionStartIncluding": "17.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"id": "CVE-2025-53521",
"lastModified": "2026-03-31T17:12:31.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2025-10-15T14:15:48.377",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000156741"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "f5sirt@f5.com",
"type": "Primary"
}
]
}
GHSA-J3CP-7WH4-9F6C
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2026-03-31 18:31
VLAI?
Details
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-53521"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:48Z",
"severity": "HIGH"
},
"details": "When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-j3cp-7wh4-9f6c",
"modified": "2026-03-31T18:31:25Z",
"published": "2025-10-15T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53521"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000156741"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…