8.7
CVE-2025-54858
- EPSS 0.11%
- Veröffentlicht 15.10.2025 13:55:51
- Zuletzt bearbeitet 21.10.2025 20:13:30
- Quelle f5sirt@f5.com
- CVE-Watchlists
- Unerledigt
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 < 15.1.10.8
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.1.0 < 16.1.6.1
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 17.1.0 < 17.1.3
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 17.5.0 < 17.5.1.3
F5 ≫ Big-ip Application Security Manager Version >= 15.1.0 < 15.1.10.8
F5 ≫ Big-ip Application Security Manager Version >= 16.1.0 < 16.1.6.1
F5 ≫ Big-ip Application Security Manager Version >= 17.1.0 < 17.1.3
F5 ≫ Big-ip Application Security Manager Version >= 17.5.0 < 17.5.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.296 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f5sirt@f5.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| f5sirt@f5.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.