CVE-2025-54755
- EPSS 1.09%
- Veröffentlicht 15.10.2025 13:55:55
- Zuletzt bearbeitet 27.01.2026 13:30:32
A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not...
CVE-2025-59483
- EPSS 0.34%
- Veröffentlicht 15.10.2025 13:55:55
- Zuletzt bearbeitet 21.10.2025 19:35:20
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-59481
- EPSS 0.36%
- Veröffentlicht 15.10.2025 13:55:54
- Zuletzt bearbeitet 04.02.2026 17:48:00
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful ...
CVE-2025-61958
- EPSS 0.36%
- Veröffentlicht 15.10.2025 13:55:53
- Zuletzt bearbeitet 04.02.2026 17:48:10
A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successfu...
CVE-2025-58096
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:52
- Zuletzt bearbeitet 21.10.2025 19:30:28
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End o...
CVE-2025-53868
- EPSS 0.41%
- Veröffentlicht 15.10.2025 13:55:51
- Zuletzt bearbeitet 04.02.2026 17:47:22
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support ...
CVE-2025-54858
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:51
- Zuletzt bearbeitet 21.10.2025 20:13:30
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. ...
CVE-2025-61951
- EPSS 0.23%
- Veröffentlicht 15.10.2025 13:55:50
- Zuletzt bearbeitet 21.10.2025 20:33:42
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, ...
CVE-2025-53856
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:49
- Zuletzt bearbeitet 21.10.2025 20:19:02
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM)...
CVE-2025-58424
- EPSS 0.23%
- Veröffentlicht 15.10.2025 13:55:47
- Zuletzt bearbeitet 04.02.2026 17:47:53
On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...