CVE-2025-54755

EPSS 0.3%
Veröffentlicht 15.10.2025 13:55:55
Zuletzt bearbeitet 21.10.2025 19:51:22
Quelle f5sirt@f5.com
CVE-Watchlists
Login
Unerledigt
Login

A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Big-ip Access Policy Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Advanced Firewall Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Analytics Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Security Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Visibility And Reporting Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Automation Toolchain Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Carrier-grade Nat Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Container Ingress Services Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Domain Name System Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Edge Gateway Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Fraud Protection Service Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Global Traffic Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Link Controller Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Local Traffic Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Policy Enforcement Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Ssl Orchestrator Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Webaccelerator Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Websafe Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Access Policy Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Advanced Firewall Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Analytics Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Application Acceleration Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Application Security Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Application Visibility And Reporting Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Automation Toolchain Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Carrier-grade Nat Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Container Ingress Services Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Domain Name System Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Edge Gateway Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Fraud Protection Service Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Global Traffic Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Link Controller Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Local Traffic Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Policy Enforcement Manager Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Ssl Orchestrator Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Webaccelerator Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Websafe Version >= 16.1.0 < 16.1.6.1

F5 ≫ Big-ip Access Policy Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Access Policy Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Advanced Firewall Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Advanced Firewall Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Analytics Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Analytics Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Application Acceleration Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Application Acceleration Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Application Security Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Application Security Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Application Visibility And Reporting Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Application Visibility And Reporting Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Automation Toolchain Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Automation Toolchain Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Carrier-grade Nat Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Carrier-grade Nat Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Container Ingress Services Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Container Ingress Services Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Domain Name System Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Domain Name System Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Edge Gateway Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Edge Gateway Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Fraud Protection Service Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Fraud Protection Service Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Global Traffic Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Link Controller Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Link Controller Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Local Traffic Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Local Traffic Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Policy Enforcement Manager Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Policy Enforcement Manager Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Ssl Orchestrator Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Ssl Orchestrator Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Webaccelerator Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Webaccelerator Version >= 17.5.0 <= 17.5.1

F5 ≫ Big-ip Websafe Version >= 17.1.0 < 17.1.3

F5 ≫ Big-ip Websafe Version >= 17.5.0 <= 17.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.531

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
f5sirt@f5.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
f5sirt@f5.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-146 Improper Neutralization of Expression/Command Delimiters

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://my.f5.com/manage/s/article/K000156801

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-54755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54755

EUVD