cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23419,https://securityvulnerability.io/vulnerability/CVE-2025-23419,Client Certificate Authentication Bypass via TLS Session Resumption in NGINX,"A vulnerability exists in NGINX that allows an attacker to bypass client certificate authentication when multiple server blocks share the same IP address and port. The flaw arises when the default server for that address and port uses TLS Session Tickets and/or the SSL session cache while performing client certificate authentication: a TLS session established with one virtual server can be resumed against a different virtual server on the same socket, bypassing that server's client certificate verification. As a result, certificate-based access controls on the affected servers can be undermined, exposing them to unauthorized access.",F5,"Nginx Open Source,Nginx Plus",5.3,MEDIUM,0.0004299999854993075,false,,true,false,true,2025-02-07T20:16:56.000Z,false,false,false,,2025-02-05T17:31:07.316Z,1111
CVE-2025-23413,https://securityvulnerability.io/vulnerability/CVE-2025-23413,Sensitive Information Exposure in F5 BIG-IP Next Central Manager,"BIG-IP Next Central Manager may inadvertently log sensitive user authentication information into the pgaudit log files during login via the webUI or API. This information can potentially be accessed by unauthorized individuals, posing a risk to data confidentiality and user security. Proper configuration and regular audits of log files are essential to mitigate the potential exposure of sensitive information.",F5,Big-ip Next Central Manager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.882Z,0
CVE-2025-20029,https://securityvulnerability.io/vulnerability/CVE-2025-20029,Command Injection Vulnerability in F5 Networks BIG-IP Product,"A command injection vulnerability has been identified in F5 Networks' BIG-IP product that affects its iControl REST interface and the TMOS Shell (tmsh) save command. This flaw could allow an authenticated attacker to execute arbitrary system commands on the affected devices. Proper security measures should be implemented to mitigate the risks associated with this vulnerability.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.455Z,0
CVE-2025-24319,https://securityvulnerability.io/vulnerability/CVE-2025-24319,API Vulnerability in BIG-IP Next Central Manager by F5 Networks,"An API-related vulnerability in F5 Networks' BIG-IP Next Central Manager allows for the termination of the Kubernetes service due to undisclosed requests made to the BIG-IP Next Central Manager API. This could lead to unexpected service interruptions and impact system availability, necessitating immediate attention and remediation.",F5,Big-ip Next Central Manager,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:06.003Z,0
CVE-2025-24320,https://securityvulnerability.io/vulnerability/CVE-2025-24320,Stored Cross-Site Scripting Vulnerability in F5 BIG-IP Configuration Utility,"A stored cross-site scripting (XSS) vulnerability is present in an undisclosed page of the F5 BIG-IP Configuration utility. This flaw permits an attacker to execute JavaScript in the context of the currently logged-in user, potentially exposing sensitive data or compromising user sessions. The vulnerability arises from an incomplete fix related to a previous security issue, necessitating urgent attention to ensure robust defenses against unauthorized script execution.",F5,Big-ip,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:05.551Z,0
CVE-2025-24497,https://securityvulnerability.io/vulnerability/CVE-2025-24497,Undisclosed Request Vulnerability in F5 BIG-IP Virtual Server Configuration,"This vulnerability involves the F5 BIG-IP system, specifically when URL categorization is configured on a virtual server. Undisclosed requests can trigger a failure in TMM (Traffic Management Microkernel), leading to service disruption. It's important to note that versions of the software that have reached End of Technical Support (EoTS) are not included in the evaluation.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:05.102Z,0
CVE-2025-24312,https://securityvulnerability.io/vulnerability/CVE-2025-24312,High CPU Resource Utilization in BIG-IP AFM with IPS Module by F5 Networks,"An issue has been identified in the BIG-IP AFM from F5 Networks where the IPS module, when enabled with a configured protocol inspection profile on a virtual server or firewall rule, may lead to excessive CPU resource utilization. This can potentially impact system performance as undisclosed traffic is processed, complicating network management. It is essential for users to review affected configurations and monitor resource usage to mitigate potential disruptions.",F5,"Big-ip,Big-ip Next Cnf",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.659Z,0
CVE-2025-22846,https://securityvulnerability.io/vulnerability/CVE-2025-22846,Vulnerability in F5 Networks Traffic Management Microkernel (TMM) with SIP Session Profiles,"This vulnerability arises when SIP Session and Router ALG profiles are configured on a Message Routing type virtual server. Should certain undisclosed traffic patterns occur, it can inadvertently lead to the termination of the Traffic Management Microkernel (TMM), which may disrupt service availability and impact system performance.",F5,"Big-ip,Big-ip Next Spk",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:04.163Z,0
CVE-2025-23412,https://securityvulnerability.io/vulnerability/CVE-2025-23412,Access Configuration Flaw in BIG-IP APM Affects F5 Networks,"A vulnerability exists within the BIG-IP APM Access Profile settings when deployed on a virtual server, allowing certain undisclosed requests to unexpectedly cause the Traffic Management Microkernel (TMM) to terminate. The impact is to availability: while TMM restarts, traffic through the affected virtual servers, including the APM access flows they front, is interrupted. Apply the fixed versions or mitigations published by F5 for this CVE.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:03.733Z,0
CVE-2025-23239,https://securityvulnerability.io/vulnerability/CVE-2025-23239,Remote Command Injection Vulnerability in F5 Appliance Mode,"An authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint when F5 appliances operate in Appliance mode. A successful exploitation of this vulnerability could allow attackers to execute unauthorized commands, potentially crossing a security boundary and leading to further compromises in the system's integrity.",F5,Big-ip,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:03.286Z,0
CVE-2025-24326,https://securityvulnerability.io/vulnerability/CVE-2025-24326,Behavioral DoS Vulnerability in BIG-IP Advanced WAF/ASM by F5 Networks,"The vulnerability resides in the Behavioral DoS (BADoS) TLS Signatures feature of F5 Networks' BIG-IP Advanced WAF/ASM. When this feature is configured, undisclosed traffic patterns can cause a significant increase in memory resource utilization. Organizations using this feature should apply the fixed versions or mitigations published by F5 and monitor memory usage on affected systems.",F5,Big-ip,8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:02.740Z,0
CVE-2025-20045,https://securityvulnerability.io/vulnerability/CVE-2025-20045,Application Level Gateway Exploit in F5 Networks' SIP Router Configuration,"A vulnerability exists in specific configurations of F5 Networks' SIP routing, where enabling the Application Level Gateway (ALG) mode with Passthru Mode can lead to unintentional termination of the Traffic Management Microkernel (TMM). This issue affects virtual servers configured for message routing and may expose the system to availability concerns due to unexpected traffic patterns. Users are advised to review their ALG settings and consider updates from F5 Networks to mitigate potential risks.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:02.132Z,0
CVE-2025-22891,https://securityvulnerability.io/vulnerability/CVE-2025-22891,Denial of Service Vulnerability in F5 BIG-IP PEM Control Plane,"A denial of service vulnerability exists in the F5 BIG-IP PEM Control Plane when the listener Virtual Server is configured with a Diameter Endpoint profile. Undisclosed traffic can cause the Virtual Server to stop processing new client connections and can increase memory resource utilization, resulting in service disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:01.627Z,0
CVE-2025-20058,https://securityvulnerability.io/vulnerability/CVE-2025-20058,Memory Resource Utilization Issue in BIG-IP by F5 Networks,"A memory resource utilization issue has been identified in F5 Networks' BIG-IP when using a message routing profile on a virtual server. This vulnerability arises from the handling of undisclosed traffic, which can lead to increased memory usage and may affect system performance. It is crucial for users of the affected versions of BIG-IP to monitor their systems and apply recommended configurations to mitigate potential risks.",F5,Big-ip,8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:01.109Z,0
CVE-2025-23415,https://securityvulnerability.io/vulnerability/CVE-2025-23415,Insufficient Data Authenticity Verification in BIG-IP APM by F5 Networks,"A vulnerability in BIG-IP APM allows attackers to exploit insufficient verification of data authenticity during endpoint inspection, potentially enabling unauthorized bypassing of security checks for VPN connections initiated through the browser network access VPN client on Windows, macOS, and Linux operating systems.",F5,Big-ip,2.3,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:00.674Z,0
CVE-2025-21091,https://securityvulnerability.io/vulnerability/CVE-2025-21091,Memory Resource Utilization Issue in BIG-IP by F5 Networks,"A specific issue has been identified in BIG-IP by F5 Networks where disabling SNMP versions 1 and 2c exposes the system to undisclosed requests that can lead to increased memory resource utilization. Organizations utilizing affected versions should be aware of this vulnerability and take proactive measures to manage their SNMP configurations and monitor memory usage to maintain optimal performance.",F5,Big-ip,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:31:00.174Z,115
CVE-2025-21087,https://securityvulnerability.io/vulnerability/CVE-2025-21087,Increased Resource Utilization in F5's Virtual Server and DNSSEC Operations,"A vulnerability exists in F5's BIG-IP product when Client or Server SSL profiles are configured on a Virtual Server, or during DNSSEC signing operations. Undisclosed traffic may lead to an unexpected increase in memory and CPU utilization, impacting performance and potentially resulting in service disruption.",F5,"Big-ip,Big-ip Next",8.9,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T17:30:59.689Z,0
CVE-2024-45844,https://securityvulnerability.io/vulnerability/CVE-2024-45844,BIG-IP Monitor Functionality Vulnerability Allows Bypass of Access Control Restrictions,"The vulnerability CVE-2024-45844 affects F5 Networks' BIG-IP monitor functionality and allows attackers to bypass access control restrictions, potentially compromising the system. An attacker with Manager role privileges can elevate their privileges and modify the configuration, even with port lockdown settings in place. A PoC exploit has been published, demonstrating how an attacker with Manager role privileges can create a Local Traffic Manager monitor and use it to send a malicious MCP message, effectively bypassing access control restrictions. It is advised that organizations using affected versions update their systems to the latest fixed versions as soon as possible and implement temporary mitigations until updates are applied. The CVSSv4 score for this vulnerability is 8.6, indicating a high severity level, and organizations are urged to take immediate action to protect their BIG-IP systems.",F5 Networks,,,,0.0004299999854993075,false,,true,false,true,2024-10-18T05:00:41.000Z,,false,false,,2024-10-16T15:15:00.000Z,0
CVE-2024-47139,https://securityvulnerability.io/vulnerability/CVE-2024-47139,Stored Cross-Site Scripting Vulnerability in BIG-IQ Configuration Utility by F5 Networks,"A stored cross-site scripting vulnerability in the BIG-IQ Configuration utility allows an attacker with Administrator privileges to inject malicious JavaScript code. When executed, this vulnerability can compromise the security of the currently logged-in user's session, potentially leading to unauthorized access to sensitive information and manipulation of application data.",F5 Networks,BIG-IQ Configuration Utility,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T15:15:00.000Z,0
CVE-2024-7347,https://securityvulnerability.io/vulnerability/CVE-2024-7347,NGINX Open Source and NGINX Plus Vulnerability Permits Over-read of Worker Memory,"NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Nginx Open Source,Nginx Plus",4.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-14T14:32:33.913Z,0
CVE-2024-39792,https://securityvulnerability.io/vulnerability/CVE-2024-39792,Undisclosed Requests Can Cause Memory Resource Utilization Increase in NGINX Plus,"A vulnerability exists in NGINX Plus when configured with the MQTT pre-read module. This issue arises when certain undisclosed requests are made, leading to increased memory resource utilization. It is important to note that versions of NGINX Plus that have reached End of Technical Support (EoTS) are not evaluated in this context, emphasizing the need for organizations to stay up-to-date with supported versions to mitigate potential risks.",F5,Nginx Plus,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:33.519Z,0
CVE-2024-37028,https://securityvulnerability.io/vulnerability/CVE-2024-37028,F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts,"BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:33.153Z,0
CVE-2024-39809,https://securityvulnerability.io/vulnerability/CVE-2024-39809,User Session Refresh Token No Longer Expiring After Logout,"A vulnerability exists in F5 Networks' BIG-IP Next Central Manager where the user session refresh token does not expire upon user logout. A refresh token that stays valid after logout can be replayed by anyone who obtains it to regain access to the user's session, exposing data to unauthorized access. Organizations should update to fixed versions and review their session handling configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.789Z,0
CVE-2024-41719,https://securityvulnerability.io/vulnerability/CVE-2024-41719,BIG-IP Next Logs Include F5 iHealth Credentials,"When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip Next Central Manager,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.375Z,0
CVE-2024-41727,https://securityvulnerability.io/vulnerability/CVE-2024-41727,Memory Resource Utilization Increase in BIG-IP Tenants on Certain Hardware,"A vulnerability exists in F5 Networks' BIG-IP product impacting tenants operated on r2000 and r4000 series hardware, as well as the BIG-IP Virtual Edition using Intel E810 SR-IOV NIC. This issue can lead to increased memory resource utilization due to undisclosed traffic patterns. It's important for organizations using affected versions to review and address this resource management concern to maintain optimal operation and ensure system performance.",F5,Big-ip,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-14T14:32:32.000Z,0
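
Added example for the CVE-2025-23419 entry above (this is not code from NGINX, F5 or securityvulnerability.io): a Python audit that reads an nginx configuration and reports sockets where several server blocks share one IP address and port, the default server for that socket authenticates client certificates and still allows TLS session resumption (session tickets and/or the SSL session cache), and a sibling server on the same socket has different client-certificate settings. The two configurations are constructed for the demonstration, the server names and certificate paths are placeholders, and the parser skips include, map and if. A hit means the precondition described in the entry is present, not that exploitation was confirmed; the durable fix is upgrading to an NGINX release that addresses the CVE, and the hardened variant only removes the precondition the entry names by switching resumption off on the default server.

```python
"""Heuristic audit for the CVE-2025-23419 precondition: server blocks sharing one
IP:port, a default server that authenticates client certificates and keeps TLS
session resumption on, and a sibling server with different client-cert settings."""
import re

# one nginx directive per line: name, whitespace, value, terminating semicolon
DIRECTIVE = re.compile(r"^\s*([a-z_]+)\s+([^;{\n]*);", re.M)


def parse_server_blocks(conf):
    """One {directive: value} dict per server { } block, in config order.
    'listen' is kept as a list; nested blocks (location, if) are discarded."""
    conf = re.sub(r"#.*", "", conf)                 # drop comments
    servers = []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):              # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body, prev = conf[m.end():i - 1], None
        while prev != body:                         # peel nested blocks, innermost first
            prev, body = body, re.sub(r"\{[^{}]*\}", "", body)
        srv = {"listen": []}
        for name, value in DIRECTIVE.findall(body):
            if name == "listen":
                srv["listen"].append(value.strip())
            else:
                srv[name] = value.strip()
        servers.append(srv)
    return servers


def socket_key(listen_value):
    """Address part of a listen directive, normalised ('443 ssl' -> '*:443')."""
    addr = listen_value.split()[0]
    return "*:" + addr if addr.isdigit() else addr


def resumption_enabled(srv):
    """nginx defaults: ssl_session_tickets on; ssl_session_cache none (nothing stored)."""
    tickets = srv.get("ssl_session_tickets", "on") != "off"
    cache = srv.get("ssl_session_cache", "none") not in ("none", "off")
    return tickets or cache


def client_cert_profile(srv):
    return (srv.get("ssl_verify_client", "off"), srv.get("ssl_client_certificate"))


def audit(conf):
    """Return one finding per shared socket that matches the heuristic."""
    groups = {}
    for srv in parse_server_blocks(conf):
        for lv in srv["listen"]:
            groups.setdefault(socket_key(lv), []).append((srv, "default_server" in lv.split()))
    findings = []
    for sock, members in groups.items():
        # nginx uses the explicit default_server, else the first server bound to the socket
        default = next((s for s, flag in members if flag), members[0][0])
        if (len(members) < 2 or default.get("ssl_verify_client", "off") == "off"
                or not resumption_enabled(default)):
            continue
        differing = [s for s, _ in members
                     if s is not default and client_cert_profile(s) != client_cert_profile(default)]
        if differing:
            findings.append({"socket": sock,
                             "default_server": default.get("server_name"),
                             "differing_servers": [s.get("server_name") for s in differing]})
    return findings


# Constructed sample, not a real deployment: three virtual servers on one socket.
VULNERABLE_CONF = """
http {
    server {
        listen 443 ssl default_server;
        server_name api.example.test;
        ssl_certificate /etc/nginx/api.crt;
        ssl_session_cache shared:SSL:10m;      # resumption via the cache ...
        ssl_session_tickets on;                # ... and via tickets (nginx default)
        ssl_client_certificate /etc/nginx/partner-ca.crt;
        ssl_verify_client on;                  # default server authenticates clients
    }
    server {
        listen 443 ssl;
        server_name portal.example.test;
        ssl_certificate /etc/nginx/portal.crt;
        ssl_client_certificate /etc/nginx/employee-ca.crt;   # different CA, same socket
        ssl_verify_client on;
    }
    server {
        listen 443 ssl;
        server_name www.example.test;
        ssl_certificate /etc/nginx/www.crt;
        ssl_verify_client off;                 # public site, no client certificates
    }
}
"""

# Mitigated variant: resumption switched off on the default server, which removes the
# precondition named in the CVE text. Upgrading to a fixed NGINX release is the real fix.
HARDENED_CONF = (VULNERABLE_CONF
                 .replace("ssl_session_cache shared:SSL:10m;", "ssl_session_cache off;")
                 .replace("ssl_session_tickets on;", "ssl_session_tickets off;"))

if __name__ == "__main__":
    print("vulnerable:", audit(VULNERABLE_CONF), "\nhardened:", audit(HARDENED_CONF))
```

Run as-is, the vulnerable configuration yields one finding for `*:443` naming `api.example.test` as the default server and `portal.example.test` and `www.example.test` as the siblings whose client-certificate settings differ; the hardened configuration yields none. Because session tickets are on by default in nginx, a default server that verifies client certificates is flagged even when `ssl_session_cache` is never mentioned, which is the case most likely to be overlooked in a real audit.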