cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23413,https://securityvulnerability.io/vulnerability/CVE-2025-23413,Sensitive Information Exposure in F5 BIG-IP Next Central Manager,"BIG-IP Next Central Manager may inadvertently log sensitive user authentication information to the pgaudit log files during login via the web UI or API. Anyone with read access to those log files could obtain the logged authentication data, so access to the logs should be restricted and the files audited regularly.",F5,Big-ip Next Central Manager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.882Z,0
CVE-2025-20029,https://securityvulnerability.io/vulnerability/CVE-2025-20029,Command Injection Vulnerability in F5 Networks BIG-IP Product,"A command injection vulnerability in F5 Networks' BIG-IP affects the iControl REST interface and the TMOS Shell (tmsh) save command. An authenticated attacker could exploit this flaw to execute arbitrary commands on the affected device. Restricting access to the management interfaces reduces exposure until the fix is applied.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.455Z,0
CVE-2025-24319,https://securityvulnerability.io/vulnerability/CVE-2025-24319,API Vulnerability in BIG-IP Next Central Manager by F5 Networks,"Undisclosed requests to the BIG-IP Next Central Manager API can cause the Kubernetes service to terminate, interrupting service and affecting system availability until the issue is remediated.",F5,Big-ip Next Central Manager,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.003Z,0
CVE-2025-24320,https://securityvulnerability.io/vulnerability/CVE-2025-24320,Stored Cross-Site Scripting Vulnerability in F5 BIG-IP Configuration Utility,"A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the F5 BIG-IP Configuration utility. It permits an attacker to run JavaScript in the context of the currently logged-in user, potentially exposing sensitive data or compromising that user's session. The vulnerability arises from an incomplete fix for a previous security issue.",F5,Big-ip,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:05.551Z,0
CVE-2025-24497,https://securityvulnerability.io/vulnerability/CVE-2025-24497,Undisclosed Request Vulnerability in F5 BIG-IP Virtual Server Configuration,"When URL categorization is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, disrupting service. Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:05.102Z,0
CVE-2025-24312,https://securityvulnerability.io/vulnerability/CVE-2025-24312,High CPU Resource Utilization in BIG-IP AFM with IPS Module by F5 Networks,"When the IPS module is enabled in BIG-IP AFM with a protocol inspection profile configured on a virtual server or firewall rule, undisclosed traffic can cause excessive CPU resource utilization and degrade system performance. Users should review affected configurations and monitor resource usage until the fix is applied.",F5,"Big-ip,Big-ip Next Cnf",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.659Z,0
CVE-2025-22846,https://securityvulnerability.io/vulnerability/CVE-2025-22846,Vulnerability in F5 Networks Traffic Management Microkernel (TMM) with SIP Session Profiles,"When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, disrupting service availability.",F5,"Big-ip,Big-ip Next Spk",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.163Z,0
CVE-2025-23412,https://securityvulnerability.io/vulnerability/CVE-2025-23412,Access Configuration Flaw in BIG-IP APM Affects F5 Networks,"When a BIG-IP APM Access Profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, disrupting service availability and the access management path that depends on it. Keeping the system updated mitigates the issue.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:03.733Z,0
CVE-2025-23239,https://securityvulnerability.io/vulnerability/CVE-2025-23239,Remote Command Injection Vulnerability in F5 Appliance Mode,"An authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint when the BIG-IP system is running in Appliance mode. Successful exploitation allows an attacker to execute unauthorized commands and potentially cross the security boundary that Appliance mode is intended to enforce, leading to further compromise of the system.",F5,Big-ip,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:03.286Z,0
CVE-2025-24326,https://securityvulnerability.io/vulnerability/CVE-2025-24326,Behavioral DoS Vulnerability in BIG-IP Advanced WAF/ASM by F5 Networks,"When the Behavioral DoS (BADoS) TLS Signatures feature is configured in BIG-IP Advanced WAF/ASM, undisclosed traffic can cause a significant increase in memory resource utilization. Organizations relying on this feature should review the configuration and monitor memory usage until the fix is applied.",F5,Big-ip,8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:02.740Z,0
CVE-2025-20045,https://securityvulnerability.io/vulnerability/CVE-2025-20045,Application Level Gateway Exploit in F5 Networks' SIP Router Configuration,"When a message routing virtual server is configured with a SIP Application Level Gateway (ALG) profile and Passthru Mode is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, affecting availability. Users are advised to review their ALG settings and apply updates from F5 Networks.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:02.132Z,0
CVE-2025-22891,https://securityvulnerability.io/vulnerability/CVE-2025-22891,Denial of Service Vulnerability in F5 BIG-IP PEM Control Plane,"When the listener virtual server of the BIG-IP PEM control plane is configured with a Diameter Endpoint profile, undisclosed traffic can cause the virtual server to stop processing new client connections and memory usage to increase, disrupting service. Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:01.627Z,0
CVE-2025-20058,https://securityvulnerability.io/vulnerability/CVE-2025-20058,Memory Resource Utilization Issue in BIG-IP by F5 Networks,"When a message routing profile is configured on a virtual server, undisclosed traffic can cause increased memory resource utilization and degrade system performance. Users of affected BIG-IP versions should monitor memory usage and apply the recommended configuration until the fix is applied.",F5,Big-ip,8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:01.109Z,0
CVE-2025-23415,https://securityvulnerability.io/vulnerability/CVE-2025-23415,Insufficient Data Authenticity Verification in BIG-IP APM by F5 Networks,"Insufficient verification of data authenticity during BIG-IP APM endpoint inspection may allow an attacker to bypass endpoint inspection for VPN connections initiated through the browser network access VPN client on Windows, macOS, and Linux.",F5,Big-ip,2.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:00.674Z,0
CVE-2025-21091,https://securityvulnerability.io/vulnerability/CVE-2025-21091,Memory Resource Utilization Issue in BIG-IP by F5 Networks,"When SNMP versions 1 and 2c are disabled on the BIG-IP system, undisclosed requests can cause increased memory resource utilization. Organizations running affected versions should review their SNMP configuration and monitor memory usage until the fix is applied.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:00.174Z,115
CVE-2025-21087,https://securityvulnerability.io/vulnerability/CVE-2025-21087,Increased Resource Utilization in F5's Virtual Server and DNSSEC Operations,"When a Client or Server SSL profile is configured on a virtual server, or during DNSSEC signing operations, undisclosed traffic can cause an unexpected increase in memory and CPU utilization, degrading performance and potentially disrupting service.",F5,"Big-ip,Big-ip Next",8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:30:59.689Z,0
CVE-2024-37028,https://securityvulnerability.io/vulnerability/CVE-2024-37028,F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts,BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.,F5,Big-ip Next Central Manager,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:33.153Z,0
CVE-2024-39809,https://securityvulnerability.io/vulnerability/CVE-2024-39809,User Session Refresh Token No Longer Expiring After Logout,"In BIG-IP Next Central Manager, the user session refresh token does not expire when the user logs out, so anyone holding the token can continue to obtain access to the session after logout. Organizations should update affected systems. Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.789Z,0
CVE-2024-41719,https://securityvulnerability.io/vulnerability/CVE-2024-41719,BIG-IP Next Logs Include F5 iHealth Credentials,"When generating a QKView of a BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials are logged in the BIG-IP Next Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.375Z,0
CVE-2024-41727,https://securityvulnerability.io/vulnerability/CVE-2024-41727,Memory Resource Utilization Increase in BIG-IP Tenants on Certain Hardware,"Undisclosed traffic can cause increased memory resource utilization in BIG-IP tenants running on r2000 and r4000 series hardware and in BIG-IP Virtual Edition using an Intel E810 SR-IOV NIC. Organizations running affected versions should monitor memory usage until the fix is applied.",F5,Big-ip,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.000Z,0
CVE-2024-41164,https://securityvulnerability.io/vulnerability/CVE-2024-41164,Traffic Termination Due to Unforeseen Circumstances in Virtual Servers,"When Multipath TCP (MPTCP) is enabled on a virtual server, undisclosed traffic, together with conditions outside the attacker's control, can cause the Traffic Management Microkernel (TMM) to terminate unexpectedly. MPTCP settings should be reviewed and monitored to limit disruption.",F5,"Big-ip,Big-ip Next Cnf,Big-ip Next Spk",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:31.623Z,0
CVE-2024-39778,https://securityvulnerability.io/vulnerability/CVE-2024-39778,Undisclosed Requests Can Cause TMM Termination in BIG-IP with High-Speed Bridge (HSB),"When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, affecting the availability of services on the platform. Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:31.250Z,0
CVE-2024-41723,https://securityvulnerability.io/vulnerability/CVE-2024-41723,F5 BIG-IP iControl REST Vulnerability Leads to User Account Name Leak,"Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-14T14:32:30.852Z,0
CVE-2024-32761,https://securityvulnerability.io/vulnerability/CVE-2024-32761,Potential Data Leak in BIG-IP TMMs on VELOS and rSeries Platforms,"Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. The issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-08T15:01:29.122Z,0
CVE-2024-26026,https://securityvulnerability.io/vulnerability/CVE-2024-26026,F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability,"An SQL injection vulnerability in the BIG-IP Next Central Manager API allows an attacker to manipulate database queries through crafted input, leading to unauthorized data access or modification. Apply the vendor's patches or updates to affected products. Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,,true,false,true,2024-05-09T12:14:14.000Z,true,true,false,,2024-05-08T15:01:28.771Z,8445
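Parsing and triaging this table, as an added example that is not part of the original page or of any securityvulnerability.io tooling: the Python below reads the CSV with a real CSV parser (quoted description fields may span lines, so splitting on newlines breaks rows), types the flag and score columns, rejects rows whose field count is wrong, and orders the records so that exploitation evidence (KEV listing, observed exploitation, public PoC) outranks the CVSS score. The sample rows are a constructed subset of the table above with shortened descriptions; the function names are my own.

```python
import csv
import io
from typing import Any

# Constructed sample: the table's header plus four of its rows with shortened
# descriptions. The line break inside the CVE-2025-24312 description is
# deliberate: a quoted CSV field may span lines, so the file has to go through
# a real CSV parser rather than str.splitlines().
SAMPLE_CSV = """cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-20029,https://securityvulnerability.io/vulnerability/CVE-2025-20029,Command Injection Vulnerability in F5 Networks BIG-IP Product,"Authenticated command injection via iControl REST and the tmsh save command, allowing arbitrary command execution.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.455Z,0
CVE-2025-24312,https://securityvulnerability.io/vulnerability/CVE-2025-24312,High CPU Resource Utilization in BIG-IP AFM with IPS Module by F5 Networks,"When the IPS module is enabled with a protocol inspection profile, undisclosed traffic can cause excessive CPU utilization.
The issue affects BIG-IP AFM and BIG-IP Next CNF.",F5,"Big-ip,Big-ip Next Cnf",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.659Z,0
CVE-2025-23415,https://securityvulnerability.io/vulnerability/CVE-2025-23415,Insufficient Data Authenticity Verification in BIG-IP APM by F5 Networks,Endpoint inspection can be bypassed for browser-initiated network access VPN connections.,F5,Big-ip,2.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:00.674Z,0
CVE-2024-26026,https://securityvulnerability.io/vulnerability/CVE-2024-26026,F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability,"SQL injection in the BIG-IP Next Central Manager API allows crafted input to manipulate database queries.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,,true,false,true,2024-05-09T12:14:14.000Z,true,true,false,,2024-05-08T15:01:28.771Z,8445
"""

BOOL_FIELDS = ("cisa", "article", "ransomware", "exploited", "poc", "trended", "trended_no_1")
EXPECTED_FIELDS = 21  # columns in the header of the table above


def _flag(value: str) -> bool:
    """The table writes flags as "true"/"false"; an empty cell (poc on the 2024 rows) counts as false."""
    return value.strip().lower() == "true"


def parse_records(text: str) -> list[dict[str, Any]]:
    """Parse the CSV into typed dicts, rejecting rows whose field count is wrong.

    A wrong field count is the usual symptom of a file that was split or re-joined
    on newlines without respecting quoting, so it is treated as a hard error rather
    than silently producing shifted columns.
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or len(reader.fieldnames) != EXPECTED_FIELDS:
        raise ValueError("unexpected header")
    records: list[dict[str, Any]] = []
    for row in reader:
        # DictReader files surplus fields under the key None and fills missing ones with None.
        if None in row or any(v is None for v in row.values()):
            raise ValueError(f"malformed row near {row.get('cve')!r}")
        rec: dict[str, Any] = dict(row)
        # Collapse embedded line breaks so downstream tools see one-line descriptions.
        rec["description"] = " ".join(row["description"].split())
        rec["products"] = [p.strip() for p in row["products"].split(",") if p.strip()]
        rec["score"] = float(row["score"]) if row["score"] else None
        rec["epss"] = float(row["epss"]) if row["epss"] else None
        for field in BOOL_FIELDS:
            rec[field] = _flag(row[field])
        records.append(rec)
    return records


def is_well_formed(text: str) -> bool:
    """True when every row parses with the expected column count."""
    try:
        parse_records(text)
        return True
    except ValueError:
        return False


def triage_key(rec: dict[str, Any]) -> tuple:
    """Exploitation evidence outranks the base score: KEV listing, then observed
    exploitation, then public PoC, then CVSS score, then EPSS."""
    return (rec["cisa"], rec["exploited"], rec["poc"], rec["score"] or 0.0, rec["epss"] or 0.0)


def triage(records: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Records ordered most urgent first (stable, so equal rows keep table order)."""
    return sorted(records, key=triage_key, reverse=True)


def action_required(records: list[dict[str, Any]]) -> list[str]:
    """CVE IDs with any exploitation signal; these go to the top of the patch queue."""
    return [r["cve"] for r in records if r["cisa"] or r["exploited"] or r["poc"]]


def affecting(records: list[dict[str, Any]], product: str) -> list[str]:
    """CVE IDs whose products column lists the given product (case-insensitive)."""
    wanted = product.strip().lower()
    return [r["cve"] for r in records if wanted in (p.lower() for p in r["products"])]


if __name__ == "__main__":
    for r in triage(parse_records(SAMPLE_CSV)):
        print(f'{r["cve"]:15} {r["severity"]:9} {str(r["score"]):5} '
              f'exploited={r["exploited"]} poc={r["poc"]} {r["products"]}')
```

Pointing `parse_records` at the full table instead of `SAMPLE_CSV` is the intended use; the field-count check is what catches a copy of the file in which the embedded newlines were turned into record separators, which is the failure mode this page's own flattened layout invites.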