F5 BIG-IP Next CNF vulnerabilities
25 known vulnerabilities affecting f5/big-ip_next_cnf.
Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 22, MEDIUM 3
Vulnerabilities
Page 1 of 2
CVE-2026-40629 | HIGH | CVSS 8.7 | CWE-770 | ≥ 2.0.0, < 2.0.3; ≥ 1.1.0, < 1.4.1 | 2026-05-13
When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2026-41956 | HIGH | CVSS 8.7 | CWE-121 | ≥ 2.0.0, < 2.0.3; ≥ 1.4.0, < 1.4.1 | 2026-05-13
When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2026-42409 | HIGH | CVSS 8.7 | CWE-476 | ≥ 2.0.0, < 2.0.3; ≥ 1.4.0, < 1.4.1 | 2026-05-13
When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd
CVE-2026-40618 | HIGH | CVSS 8.7 | CWE-131 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2026-05-13
When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reache
nvd
CVE-2025-46706 | HIGH | CVSS 8.7 | CWE-770 | ≥ 1.1.0, < * | 2025-10-15
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-55670 | HIGH | CVSS 7.1 | CWE-770 | ≥ 1.1.0, < * | 2025-10-15
On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-61974 | HIGH | CVSS 8.7 | CWE-401 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2025-10-15
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-61990 | HIGH | CVSS 8.7 | CWE-415 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2025-10-15
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-48008 | HIGH | CVSS 8.7 | CWE-416 | ≥ 1.1.0, < * | 2025-10-15
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-58120 | HIGH | CVSS 8.7 | CWE-476 | ≥ 2.0.0, < 2.0.1; ≥ 1.1.0, < * | 2025-10-15
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-54479 | HIGH | CVSS 8.7 | CWE-787 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2025-10-15
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-59781 | HIGH | CVSS 8.7 | CWE-459 | ≥ 1.1.0, < * | 2025-10-15
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-60016 | HIGH | CVSS 8.7 | CWE-119 | ≥ 1.1.0, < 1.4.0 | 2025-10-15
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)
nvd, f5
CVE-2025-58071 | HIGH | CVSS 8.7 | CWE-457 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2025-10-15
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-54805 | MEDIUM | CVSS 6.0 | CWE-401 | ≥ 1.1.0, < * | 2025-10-15
When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-54500 | MEDIUM | CVSS 6.9 | CWE-770 | ≥ 2.0.0, < *; ≥ 1.1.0, < * | 2025-08-13
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-36504 | HIGH | CVSS 8.7 | CWE-770 | ≥ 1.1.0, < 1.4.0; ≥ 1.1.0, < * | 2025-05-07
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-36557 | HIGH | CVSS 8.7 | CWE-120 | ≥ 1.1.0, < 1.4.0 | 2025-05-07
When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-41399 | HIGH | CVSS 8.7 | CWE-404 | ≥ 1.1.0, < 1.3.0 | 2025-05-07
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd, f5
CVE-2025-41414 | HIGH | CVSS 8.7 | CWE-476 | ≥ 1.1.0, < 1.4.0 | 2025-05-07
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
nvd, f5