58 matches found
CVE-2025-59478
When a BIG-IP AFM denial-of-service DoS protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61974
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2025-34626
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2025-34645
When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2025-34630
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2025-34650
When a TCP profile with Multipath TCP MPTCP enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS ar...
CVE-2025-61990 TMM vulnerability
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61990 TMM vulnerability
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-58120
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-60015
The CVE-2025-60015 issue affects F5OS-A and F5OS-C with an out-of-bounds write leading to memory corruption. Per the F5 advisory, vulnerable versions include F5OS-A 1.8.03 and 1.5.1–1.5.3, plus F5OS-C 1.8.0–1.8.1 and 1.6.0–1.6.23. Remediation is available via updates: F5OS-A to 1.8.3 (and later),...
CVE-2025-61960 BIG-IP APM portal access vulnerability
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-59268 BIG-IP Configuration utility vulnerability
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-46405
When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-48500
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support Eo...
CVE-2025-46405
When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54500 HTTP/2 Vulnerability
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2025-5730 · F5 · Big-Ip +1
Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an...
CVE-2024-45844
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-39809
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-41723 BIG-IP iControl REST vulnerability
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...