CVE-2025-61938
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:47
- Zuletzt bearbeitet 21.10.2025 20:30:15
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate...
CVE-2025-59781
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:46
- Zuletzt bearbeitet 22.10.2025 21:02:07
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-46706
- EPSS 0.39%
- Veröffentlicht 15.10.2025 13:55:45
- Zuletzt bearbeitet 21.10.2025 18:54:09
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...
CVE-2025-55669
- EPSS 0.35%
- Veröffentlicht 15.10.2025 13:55:45
- Zuletzt bearbeitet 22.10.2025 19:18:59
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached...
CVE-2025-48008
- EPSS 0.41%
- Veröffentlicht 15.10.2025 13:55:44
- Zuletzt bearbeitet 21.10.2025 18:53:07
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions...
CVE-2025-58153
- EPSS 0.21%
- Veröffentlicht 15.10.2025 13:55:44
- Zuletzt bearbeitet 04.02.2026 17:47:36
Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support (EoTS)...
CVE-2025-58474
- EPSS 0.35%
- Veröffentlicht 15.10.2025 13:55:43
- Zuletzt bearbeitet 22.10.2025 21:00:17
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software ve...
CVE-2025-59268
- EPSS 0.37%
- Veröffentlicht 15.10.2025 13:55:42
- Zuletzt bearbeitet 21.10.2025 19:33:09
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (Eo...
CVE-2025-59269
- EPSS 0.26%
- Veröffentlicht 15.10.2025 13:55:42
- Zuletzt bearbeitet 21.10.2025 19:33:38
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reache...
CVE-2025-53474
- EPSS 0.32%
- Veröffentlicht 15.10.2025 13:55:41
- Zuletzt bearbeitet 21.10.2025 19:49:57
When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...