F5 Big-Ip Policy Enforcement Manager vulnerabilities

CVE-2025-52585 [HIGH] CWE-476 CVE-2025-52585: When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enable When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-54500 [MEDIUM] CWE-770 CVE-2025-54500: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control fr An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-36504 [HIGH] CWE-770 CVE-2025-36504: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-35995 [HIGH] CWE-125 CVE-2025-35995: When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or a When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41399 [HIGH] CWE-404 CVE-2025-41399: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisc When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41433 [HIGH] CWE-476 CVE-2025-41433: When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway ( When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-41414 [HIGH] CWE-476 CVE-2025-41414: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can ca When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-31644 [HIGH] CWE-77 CVE-2025-31644: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions

CVE-2025-41431 [HIGH] CWE-787 CVE-2025-41431: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traf When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-36557 [HIGH] CWE-120 CVE-2025-36557: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undis When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-20058 [HIGH] CWE-400 CVE-2025-20058: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cau When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-23239 [HIGH] CWE-77 CVE-2025-23239: When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote co When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-20029 [HIGH] CWE-78 CVE-2025-20029: Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, w Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-21087 [HIGH] CWE-400 CVE-2025-21087: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-20045 [HIGH] CWE-476 CVE-2025-20045: When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP rou When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-24497 [HIGH] CWE-125 CVE-2025-24497: When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to ter When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-22891 [HIGH] CWE-772 CVE-2025-22891: When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-21091 [HIGH] CWE-401 CVE-2025-21091: When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2025-22846 [HIGH] CWE-404 CVE-2025-22846: When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, un When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2025-24320 [MEDIUM] CVE-2025-24320: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Config A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 . Note: Software versions which have rea