cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23413,https://securityvulnerability.io/vulnerability/CVE-2025-23413,Sensitive Information Exposure in F5 BIG-IP Next Central Manager,"BIG-IP Next Central Manager may inadvertently log sensitive user authentication information into the pgaudit log files during login via the webUI or API. This information can potentially be accessed by unauthorized individuals, posing a risk to data confidentiality and user security. Proper configuration and regular audits of log files are essential to mitigate the potential exposure of sensitive information.",F5,Big-ip Next Central Manager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.882Z,0
CVE-2025-24319,https://securityvulnerability.io/vulnerability/CVE-2025-24319,API Vulnerability in BIG-IP Next Central Manager by F5 Networks,"An API-related vulnerability in F5 Networks' BIG-IP Next Central Manager allows for the termination of the Kubernetes service due to undisclosed requests made to the BIG-IP Next Central Manager API. This could lead to unexpected service interruptions and impact system availability, necessitating immediate attention and remediation.",F5,Big-ip Next Central Manager,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.003Z,0
CVE-2025-24312,https://securityvulnerability.io/vulnerability/CVE-2025-24312,High CPU Resource Utilization in BIG-IP AFM with IPS Module by F5 Networks,"An issue has been identified in the BIG-IP AFM from F5 Networks where the IPS module, when enabled with a configured protocol inspection profile on a virtual server or firewall rule, may lead to excessive CPU resource utilization. This can potentially impact system performance as undisclosed traffic is processed, complicating network management. It is essential for users to review affected configurations and monitor resource usage to mitigate potential disruptions.",F5,"Big-ip,Big-ip Next Cnf",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.659Z,0
CVE-2025-22846,https://securityvulnerability.io/vulnerability/CVE-2025-22846,Vulnerability in F5 Networks Traffic Management Microkernel (TMM) with SIP Session Profiles,"This vulnerability arises when SIP Session and Router ALG profiles are configured on a Message Routing type virtual server. Should certain undisclosed traffic patterns occur, it can inadvertently lead to the termination of the Traffic Management Microkernel (TMM), which may disrupt service availability and impact system performance.",F5,"Big-ip,Big-ip Next Spk",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.163Z,0
CVE-2025-21087,https://securityvulnerability.io/vulnerability/CVE-2025-21087,Increased Resource Utilization in F5's Virtual Server and DNSSEC Operations,"A vulnerability exists in F5's BIG-IP product when Client or Server SSL profiles are configured on a Virtual Server, or during DNSSEC signing operations. Undisclosed traffic may lead to an unexpected increase in memory and CPU utilization, impacting performance and potentially resulting in service disruption.",F5,"Big-ip,Big-ip Next",8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:30:59.689Z,0
CVE-2024-37028,https://securityvulnerability.io/vulnerability/CVE-2024-37028,F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts,BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.,F5,Big-ip Next Central Manager,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:33.153Z,0
CVE-2024-39809,https://securityvulnerability.io/vulnerability/CVE-2024-39809,User Session Refresh Token No Longer Expiring After Logout,"A vulnerability exists in F5 Networks' Central Manager where the user session refresh token does not expire upon user logout. This flaw can potentially allow unauthorized access to user sessions, leading to privacy breaches and data exposure risks. It is important for organizations to ensure that their systems are updated and that configurations are reviewed to mitigate this risk, especially in light of versions that have reached End of Technical Support (EoTS) not being evaluated for this vulnerability.",F5,Big-ip Next Central Manager,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.789Z,0
CVE-2024-41719,https://securityvulnerability.io/vulnerability/CVE-2024-41719,BIG-IP Next Logs Include F5 iHealth Credentials,"When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.375Z,0
CVE-2024-41164,https://securityvulnerability.io/vulnerability/CVE-2024-41164,Traffic Termination Due to Unforeseen Circumstances in Virtual Servers,"A configuration fault exists in F5 Networks' Virtual Server when Multipath TCP (MPTCP) is enabled. Undisclosed traffic, along with specific conditions outside the attacker's control, can lead to an unexpected termination of the Traffic Management Microkernel (TMM). This vulnerability highlights the need for diligent monitoring and management of MPTCP settings to prevent potential disruptions and maintain service integrity.",F5,"Big-ip,Big-ip Next Cnf,Big-ip Next Spk",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:31.623Z,0
CVE-2024-26026,https://securityvulnerability.io/vulnerability/CVE-2024-26026,F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability,"An SQL injection vulnerability has been identified in the F5 Networks BIG-IP Next Central Manager API which could allow an attacker to manipulate database queries through crafted input. This can lead to unauthorized data access or alteration, significantly compromising system integrity and privacy. It is essential to apply patches or updates to the affected products to mitigate potential exploitation risks. Software versions that have reached End of Technical Support (EoTS) are not considered in this evaluation, highlighting the importance of maintaining up-to-date software.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,,true,false,true,2024-05-09T12:14:14.000Z,true,true,false,,2024-05-08T15:01:28.771Z,8445
CVE-2024-21793,https://securityvulnerability.io/vulnerability/CVE-2024-21793,OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API,"An OData injection vulnerability has been identified in the BIG-IP Next Central Manager API, potentially allowing attackers to exploit the API through crafted OData requests. This vulnerability impacts the integrity and availability of the affected products, emphasizing the need for immediate awareness and remediation strategies. It's important to note that software versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. Users are advised to apply appropriate security patches to mitigate the risk associated with this vulnerability.",F5,Big-ip Next Central Manager,9.8,CRITICAL,0.000910000002477318,false,,true,true,true,2024-05-09T13:52:32.000Z,,false,false,,2024-05-08T15:01:28.422Z,0
CVE-2024-33612,https://securityvulnerability.io/vulnerability/CVE-2024-33612,Improper Certificate Validation Vulnerability in BIG-IP Central Manager Could Allow Impersonation of Instance Provider Systems,"An improper certificate validation vulnerability exists in BIG-IP Next Central Manager, presenting a risk where attackers may successfully impersonate an Instance Provider system. This flaw can facilitate an intruder's ability to bypass security boundaries, potentially leading to unauthorized access and compromise of sensitive information. Specific software versions that have reached End of Technical Support (EoTS) are not subject to this evaluation.",F5,Big-ip Next Central Manager,8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-05-08T15:01:28.082Z,0
CVE-2024-28132,https://securityvulnerability.io/vulnerability/CVE-2024-28132,Sensitive Information Vulnerability in GSLB Container," Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. ",F5,Big-ip Next Cnf,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-08T15:01:27.035Z,0
CVE-2024-32049,https://securityvulnerability.io/vulnerability/CVE-2024-32049,Unauthenticated Remote Attackers May Obtain BIG-IP Next LTM/WAF Instance Credentials,"The F5 BIG-IP Next Central Manager (CM) is impacted by a vulnerability that could enable unauthenticated, remote attackers to gain access to the credentials of F5 BIG-IP Next Local Traffic Manager (LTM) and Web Application Firewall (WAF) instances. This security issue presents a critical risk to the integrity and confidentiality of the affected systems, permitting adversaries to potentially exploit sensitive information without proper authorization. It is essential for organizations using F5 products to assess their exposure and implement necessary mitigations.",F5,Big-ip Next Central Manager,7.4,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-05-08T15:01:26.346Z,0
CVE-2024-25560,https://securityvulnerability.io/vulnerability/CVE-2024-25560,Undisclosed DNS Traffic Can Cause BIG-IP AFM TMM Termination,"A vulnerability in the BIG-IP Advanced Firewall Manager (AFM) from F5 Networks has been identified, which allows undetected DNS traffic to disrupt the operation of the Traffic Management Microkernel (TMM). When BIG-IP AFM is licensed and provisioned, such traffic can lead to unexpected termination of the TMM, potentially impacting the security and availability of network services. Users are advised to review their configurations and apply any available updates to mitigate this issue.",F5,"Big-ip,Big-ip Next Cnf",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-08T15:01:25.651Z,0
CVE-2024-23306,https://securityvulnerability.io/vulnerability/CVE-2024-23306,Undisclosed Sensitive Files Vulnerability in BIG-IP Next CNF and SPK Systems,"A vulnerability has been identified in BIG-IP Next CNF and SPK systems, which may potentially allow unauthorized access to sensitive files. This issue affects specific software versions, particularly those not falling under End of Technical Support (EoTS) guidelines, highlighting the importance of active monitoring and timely updates to protect your infrastructure.",F5,"BIG-IP Next SPK,BIG-IP Next CNF",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T16:30:23.515Z,0
CVE-2024-23314,https://securityvulnerability.io/vulnerability/CVE-2024-23314,Undisclosed Responses in HTTP/2 Configured BIG-IP Systems Can Cause TMM Termination,"A vulnerability impacting F5 Networks' BIG-IP and BIG-IP Next systems arises when HTTP/2 is configured. This can lead to undefined responses causing the Traffic Management Microkernel (TMM) to unexpectedly terminate. It is essential for organizations using these platforms to evaluate their configurations and apply necessary patches to prevent system disruptions, particularly for software versions that are still under support.",F5,"Big-ip,Big-ip Next Spk",7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2024-02-14T16:30:23.152Z,0
CVE-2023-45886,https://securityvulnerability.io/vulnerability/CVE-2023-45886,Denial of Service Vulnerability in IP Infusion ZebOS BGP Daemon,"The BGP daemon (bgpd) in IP Infusion ZebOS versions up to 7.10.6 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending specifically crafted BGP update messages that contain malformed attributes. This oversight in attribute handling may cause the BGP daemon to crash or become unresponsive, impacting network operations and service availability. Both service providers and organizations using IP Infusion ZebOS should take immediate action to safeguard their networks against possible exploitation.",F5,Big-ip Next,7.5,HIGH,0.005530000198632479,false,,false,false,false,,,false,false,,2023-11-21T00:00:00.000Z,0
CVE-2023-45226,https://securityvulnerability.io/vulnerability/CVE-2023-45226,BIG-IP Next SPK SSH vulnerability,"The Traffic Management Module (TMM) in F5 BIG-IP products has been found to contain hardcoded credentials within the f5-debug-sidecar and f5-debug-sshd containers. This security flaw allows an attacker who can intercept traffic to impersonate the SPK Secure Shell (SSH) server, posing significant risks when SSH debugging is enabled. Organizations using affected software versions should review their configurations to mitigate potential exploitation of this vulnerability, especially for versions that have not reached End of Technical Support.",F5,Big-ip Next Spk,7.4,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-40534,https://securityvulnerability.io/vulnerability/CVE-2023-40534,BIG-IP HTTP/2 vulnerability,"A vulnerability exists in F5 BIG-IP when a client's HTTP/2 profile and HTTP MRF Router option are enabled on a virtual server. If an iRule configured with the HTTP_REQUEST event or a Local Traffic Policy is associated with this virtual server, certain undisclosed requests may lead to the termination of the Traffic Management Microkernel (TMM). This issue emphasizes the need for vigilant monitoring and management of configurations to prevent service interruptions.",F5,"Big-ip,Big-ip Next Spk",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0