F5 Big-Ip Access Policy Manager vulnerabilities

CVE-2025-47148 [HIGH] CWE-404 CVE-2025-47148: When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service pro When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not e

CVE-2025-59268 [MEDIUM] CWE-201 CVE-2025-59268: On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are access On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-58424 [MEDIUM] CWE-340 CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-54755 [MEDIUM] CWE-22 CVE-2025-54755: A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated att A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-61933 [MEDIUM] CWE-79 CVE-2025-61933: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM tha A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-46405 [HIGH] CWE-121 CVE-2025-46405: When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-48500 [HIGH] CWE-353 CVE-2025-48500: A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that ma A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-52585 [HIGH] CWE-476 CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enable When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-54500 [MEDIUM] CWE-770 CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control fr An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-36504 [HIGH] CWE-770 CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41399 [HIGH] CWE-404 CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisc When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41433 [HIGH] CWE-476 CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway ( When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41414 [HIGH] CWE-476 CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can ca When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-31644 [HIGH] CWE-77 CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions

CVE-2025-36525 [HIGH] CWE-120 CVE-2025-36525: When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41431 [HIGH] CWE-787 CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traf When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-36557 [HIGH] CWE-120 CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undis When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-20058 [HIGH] CWE-400 CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cau When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-23239 [HIGH] CWE-77 CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote co When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-20029 [HIGH] CWE-78 CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, w Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.