F5 Big-Ip Asm vulnerabilities

CVE-2025-58474 [MEDIUM] CWE-770 CVE-2025-58474: When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when... CVE-2025-58474: When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when... When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed req

CVE-2025-59268 [MEDIUM] CWE-201 CVE-2025-59268: On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauth... CVE-2025-59268: On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauth... On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software

CVE-2025-58153 [HIGH] CWE-667 CVE-2025-58153: Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a Hig... CVE-2025-58153: Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a Hig... Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versi

CVE-2025-59483 [HIGH] CWE-73 CVE-2025-59483: A validation vulnerability exists in an undisclosed URL in the Configuration utility CVE-2025-59483: A validation vulnerability exists in an undisclosed URL in the Configuration utility A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP AVR, BIG-IP A

CVE-2025-58424 [MEDIUM] CWE-340 CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which ha

CVE-2025-52585 [HIGH] CWE-476 CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffi

CVE-2025-54500 [MEDIUM] CWE-770 CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note:

CVE-2025-36504 [HIGH] CWE-770 CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached E

CVE-2025-36557 [HIGH] CWE-120 CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software

CVE-2025-31644 [HIGH] CWE-77 CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with adminis

CVE-2025-41433 [HIGH] CWE-476 CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause

CVE-2025-41431 [HIGH] CWE-787 CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.

CVE-2025-41399 [HIGH] CWE-404 CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions wh

CVE-2025-41414 [HIGH] CWE-476 CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (

CVE-2025-23239 [HIGH] CWE-77 CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful expl

CVE-2025-20058 [HIGH] CWE-400 CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End o

CVE-2025-24326 [HIGH] CWE-787 CVE-2025-24326: When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cas... CVE-2025-24326: When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cas... When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions whic

CVE-2025-21087 [HIGH] CWE-400 CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.

CVE-2025-24320 [HIGH] CWE-79 CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged

CVE-2025-20045 [HIGH] CWE-476 CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic ca