ReportizFlow
Filtered by vendor F5
Subscriptions
Total
972 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60013 | 1 F5 | 2 F5os, F5os-a | 2026-02-26 | 4.6 Medium |
| When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-58120 | 1 F5 | 6 Big-ip, Big-ip Next, Big-ip Next Cloud-native Network Functions and 3 more | 2026-02-26 | 7.5 High |
| When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-54858 | 1 F5 | 3 Big-ip, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2026-02-26 | 7.5 High |
| When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-58096 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-26 | 7.5 High |
| When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61958 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-26 | 6.5 Medium |
| A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-54854 | 1 F5 | 2 Big-ip, Big-ip Access Policy Manager | 2026-02-26 | 7.5 High |
| When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61955 | 1 F5 | 3 F5os, F5os-a, F5os-c | 2026-02-26 | 7.8 High |
| A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61960 | 1 F5 | 2 Big-ip, Big-ip Access Policy Manager | 2026-02-26 | 7.5 High |
| When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-59481 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-26 | 6.5 Medium |
| A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61974 | 1 F5 | 6 Big-ip, Big-ip Next, Big-ip Next Cloud-native Network Functions and 3 more | 2026-02-26 | 7.5 High |
| When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-60015 | 1 F5 | 3 F5os, F5os-a, F5os-c | 2026-02-26 | 5.7 Medium |
| An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61935 | 1 F5 | 3 Big-ip, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2026-02-26 | 7.5 High |
| When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-58071 | 1 F5 | 24 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2026-02-26 | 7.5 High |
| When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61933 | 1 F5 | 2 Big-ip, Big-ip Access Policy Manager | 2026-02-26 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-57780 | 1 F5 | 3 F5os, F5os-a, F5os-c | 2026-02-26 | 7.8 High |
| A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61990 | 1 F5 | 25 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 22 more | 2026-02-26 | 7.5 High |
| When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-14727 | 1 F5 | 1 Nginx Ingress Controller | 2026-02-26 | 8.3 High |
| A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-54500 | 1 F5 | 28 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 25 more | 2026-02-04 | 5.3 Medium |
| An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-24319 | 1 F5 | 1 Big-ip Next Central Manager | 2026-02-04 | 6.5 Medium |
| When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-32761 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-04 | 6.5 Medium |
| Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||