K000160875: BIG-IP PEM iRules vulnerability CVE-2026-41218

Security Advisory Description When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION:: , CLASSIFY::, PEM:: , PSC:: , and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-41218...

PT-2026-40658

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description Undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate when PEM iRules are configured on a...

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000151475)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151475 advisory. When a classification profile is configured on a virtual server without an HTTP or HTTP/2...

EUVD-2019-16187

Malware in sbrugna...

EUVD-2020-27096

Malware in sbrugna...

EUVD-2025-13937

Malicious code in bioql PyPI...

CVE-2020-5942

In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer CEA packets with certain attributes from the Policy and Charging Rules Function PCRF server, the Traffic Management...

CVE-2019-6628

On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier...

CVE-2025-35995

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-35995

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-35995 BIG-IP PEM vulnerability

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

K000149952: BIG-IP PEM vulnerability CVE-2025-35995

Security Advisory Description When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-35995 Impa...

PT-2025-20301 · F5 · Big-Ip Pem

Name of the Vulnerable Software and Affected Versions: BIG-IP PEM affected versions not specified Description: The issue occurs when a BIG-IP PEM system is licensed with URL categorization and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server. In thi...

Unspecified Vulnerability in F5 BIG-IP PEM (CNVD-2025-07324)

F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in F5 BIG-IP PEM that can be exploited by an attacker to cause the Traffic Management Microkernel TMM to terminate when configuring URL categorization on a virtual server...

Unspecified Vulnerability in F5 BIG-IP PEM

F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in the F5 BIG-IP PEM due to a Diameter Endpoint profile that can be exploited by an attacker to cause the virtual server to stop processing new client connections and cause an increase in memory resourc...

CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CVE-2025-24497 BIG-IP PEM vulnerability

When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-22891 BIG-IP PEM Vulnerability

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...