674 matches found
CVE-2025-31644 Appliance mode BIG-IP iControl REST and tmsh vulnerability
When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacke...
CVE-2025-31644
CVE-2025-31644 affects BIG-IP in Appliance mode. An authenticated administrator can exploit command injection via iControl REST and the tmsh shell to execute arbitrary system commands, potentially gaining root access. The advisory K000148591 provides fixes for affected branches: upgrade to BIG-IP...
K000148591: Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644
Security Advisory Description When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful...
F5 iControl REST and F5 BIG-IP TMOS Shell command injection vulnerability
F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework, and F5 BIG-IP TMOS Shell is a command line. A command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from command injection an...
F5 Networks BIG-IP : Appliance mode BIG-IP iControl REST and tmsh vulnerability (K000148591)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.7 / 16.1.6 / 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000148591 advisory. When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl RES...
A vulnerability in the iControl REST interface of the TMOS Shell configuration tool allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe.
The vulnerability in the iControl REST interface of the TMOS Shell configuration tool exists due to a lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2025-20029
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-23239
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2025-23239
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2025-23239
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2025-20029
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-20029
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-20029 BIG-IP iControl REST and tmsh vulnerability
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-20029
CVE-2025-20029 is a command-injection vulnerability in BIG-IP iControl REST and the tmsh shell. An authenticated user could execute arbitrary system commands, e.g., via a crafted HTTP POST to the iControl REST endpoint /mgmt/tm/util/bash with a JSON payload such as {"command": "id"}, potentially ...
CVE-2025-20029 BIG-IP iControl REST and tmsh vulnerability
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell tmsh save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-23239 BIG-IP iControl REST vulnerability
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2025-23239 BIG-IP iControl REST vulnerability
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached E...
CVE-2025-23239
CVE-2025-23239 affects BIG-IP iControl REST. In Appliance mode, an authenticated user with high privileges can exploit an undisclosed iControl REST endpoint to execute arbitrary commands, crossing a security boundary. Impact is command injection on the control plane with administrator-like privil...
K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029
Security Advisory Description A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell tmsh, which may allow an authenticated attacker to execute arbitrary system commands. CVE-2025-20029 Impact An authenticated attacker may exploit this vulnerability by sending a craft...
F5 iControl REST and F5 BIG-IP TMOS Shell operating system command injection vulnerability
F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework, and F5 BIG-IP TMOS Shell is a command line. An operating system command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from th...