CVE-2025-24319 — Improper Input Validation in F5 Big-ip Next Central Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.8%

top 25.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Next Central Manager

Timeline

PublishedFeb 5

Description

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5f5/big-ip_next_central_manager20.1.0 — 20.3.0

▶NVDf5/big-ip_next_central_manager20.2.0 — 20.3.0

🔴Vulnerability Details

GHSA

GHSA-p97f-5rgg-7g94: When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Nod↗2025-02-05

▶

CVEList

BIG-IP Next Central Manager vulnerability↗2025-02-05

▶

📋Vendor Advisories

CVE-2025-24319: When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause th...↗2025-02-05

▶