F5 Big-Ip Dns vulnerabilities

CVE-2025-58153 [HIGH] CWE-667 CVE-2025-58153: Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a Hig... CVE-2025-58153: Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a Hig... Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versi

CVE-2025-59483 [HIGH] CWE-73 CVE-2025-59483: A validation vulnerability exists in an undisclosed URL in the Configuration utility CVE-2025-59483: A validation vulnerability exists in an undisclosed URL in the Configuration utility A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP AVR, BIG-IP A

CVE-2025-58424 [MEDIUM] CWE-340 CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... CVE-2025-58424: On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols whic... On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which ha

CVE-2025-52585 [HIGH] CWE-476 CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous D... When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffi

CVE-2025-54500 [MEDIUM] CWE-770 CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to ... An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note:

CVE-2025-36504 [HIGH] CWE-770 CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas... When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached E

CVE-2025-36557 [HIGH] CWE-120 CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests c... When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software

CVE-2025-31644 [HIGH] CWE-77 CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP T... When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with adminis

CVE-2025-41433 [HIGH] CWE-476 CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is c... When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause

CVE-2025-41431 [HIGH] CWE-787 CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Mi... When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.

CVE-2025-41399 [HIGH] CWE-404 CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests ca... When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions wh

CVE-2025-41414 [HIGH] CWE-476 CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (

CVE-2025-23239 [HIGH] CWE-77 CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection v... When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful expl

CVE-2025-20058 [HIGH] CWE-400 CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in... When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End o

CVE-2025-21087 [HIGH] CWE-400 CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undis... When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.

CVE-2025-24320 [HIGH] CWE-79 CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility t... A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged

CVE-2025-20045 [HIGH] CWE-476 CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile a... When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic ca

CVE-2025-22846 [HIGH] CWE-404 CVE-2025-22846: When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic... CVE-2025-22846: When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic... When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Soft

CVE-2025-20029 [HIGH] CWE-78 CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an... CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an... Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Softwar

CVE-2025-21091 [HIGH] CWE-401 CVE-2025-21091: When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utiliza... CVE-2025-21091: When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utiliza... When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support