CVE-2021-22979

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned...

CVE-2023-25075

Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2025-24918

Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...

PT-2025-46399

Name of the Vulnerable Software and Affected Versions IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software versions prior to 16.0.12 Description A flaw exists in link resolution before file access 'link following' within Ring 3: User Applications,...

Intel® Server Configuration Utility Software Advisory

Summary: A potential security vulnerability in some Intel® Server Configuration Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24918 Description: Improper link resolution befo...

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2025-34657

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59483

CVE-2025-59483 is a vulnerability in the BIG-IP Configuration utility where an arbitrary file upload can be performed by an authenticated, highly privileged attacker (CWE-73: External Control of File Name or Path). The Red Hat advisory confirms a control plane issue with a vulnerability class tha...

CVE-2025-59483 BIG-IP Configuration utility and tmsh vulnerability

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2025-34623

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59268

On BIG-IP, CVE-2025-59268 affects the Configuration utility: undisclosed endpoints that serve static non-sensitive information are reachable by an unauthenticated remote attacker, resulting in potential information disclosure. The issue is a control-plane exposure with no data-plane impact report...

CVE-2025-59268 BIG-IP Configuration utility vulnerability

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269 BIG-IP Configuration utility XSS vulnerability

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

CVE-2025-59269 is a stored cross-site scripting (XSS) vulnerability in BIG-IP Configuration utility. It affects BIG-IP (all modules) and stems from insufficient input handling on an undisclosed page, allowing an attacker to store and execute JavaScript in the context of the currently logged-in us...