CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...

CVE-2025-31644

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacke...

CVE-2025-31644

CVE-2025-31644 affects BIG-IP in Appliance mode. An authenticated administrator can exploit command injection via iControl REST and the tmsh shell to execute arbitrary system commands, potentially gaining root access. The advisory K000148591 provides fixes for affected branches: upgrade to BIG-IP...

CVE-2025-20029

Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

F5 iControl REST和F5 BIG-IP TMOS Shell 操作系统命令注入漏洞

F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework. and F5 BIG-IP TMOS Shell is a command line. An operating system command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from th...