F5 Big-Ip Afm vulnerabilities

CVE-2025-58424 [MEDIUM] CWE-340 CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which ha

CVE-2025-52585 [HIGH] CWE-476 CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffi

CVE-2025-54500 [MEDIUM] CWE-770 CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note:

CVE-2025-36504 [HIGH] CWE-770 CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached E

CVE-2025-36557 [HIGH] CWE-120 CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software

CVE-2025-31644 [HIGH] CWE-77 CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with adminis

CVE-2025-41433 [HIGH] CWE-476 CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause

CVE-2025-41431 [HIGH] CWE-787 CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.

CVE-2025-41399 [HIGH] CWE-404 CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions wh

CVE-2025-41414 [HIGH] CWE-476 CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (

CVE-2025-24312 [HIGH] CWE-770 CVE-2025-24312: When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual ser... CVE-2025-24312: When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual ser... When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in C

CVE-2025-23239 [HIGH] CWE-77 CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful expl

CVE-2025-20058 [HIGH] CWE-400 CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End o

CVE-2025-21087 [HIGH] CWE-400 CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.

CVE-2025-24320 [HIGH] CWE-79 CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged

CVE-2025-20045 [HIGH] CWE-476 CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic ca

CVE-2025-22846 [HIGH] CWE-404 CVE-2025-22846: When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic... CVE-2025-22846: When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic... When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Soft

CVE-2025-20029 [HIGH] CWE-78 CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an... CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an... Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Softwar

CVE-2025-21091 [HIGH] CWE-401 CVE-2025-21091: When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utiliza... CVE-2025-21091: When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utiliza... When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support

CVE-2024-45844 [HIGH] CWE-306 CVE-2024-45844: BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lock... CVE-2024-45844: BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lock... BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Sup