K000151334: Apache HttpClient vulnerability CVE-2025-27820
Security Advisory Description A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release. CVE-2025-27820 Impact There is no impact; F5 products are not...
K000151331: Ceph RADOS Gateway vulnerability CVE-2024-48916
Security Advisory Description Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as the JWT alg. By doing so, the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As...
K000151330: Oath Toolkit vulnerability CVE-2024-47191
Security Advisory Description pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191 Impact There is ...
K000151329: MySQL vulnerabilities CVE-2025-30704, CVE-2025-30705, and CVE-2025-30706
Security Advisory Description CVE-2025-30704 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker wit...
K000151312: cURL vulnerability CVE-2025-0725
Security Advisory Description When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. CVE-2025-0725...
K000151278: MySQL vulnerability CVE-2025-21579
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K000151277: MySQL vulnerabilities CVE-2025-21580 and CVE-2025-21588
Security Advisory Description CVE-2025-21580 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access v...
K000151275: MySQL vulnerabilities CVE-2025-21577 and CVE-2025-30681
Security Advisory Description CVE-2025-21577 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via...
K000151274: MySQL vulnerabilities CVE-2025-21583 and CVE-2025-21584
Security Advisory Description CVE-2025-21583 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K000151273: MySQL vulnerability CVE-2025-30682
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multipl...
K000151257: Java vulnerability CVE-2025-30698
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:...
K000151258: MySQL vulnerability CVE-2025-21585
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multip...
K000151256: MySQL vulnerability CVE-2025-30687
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multipl...
K000151255: GStreamer vulnerability CVE-2024-47606
Security Advisory Description GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size...
K000151254: libxml2 vulnerability CVE-2024-40896
Security Advisory Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible. CVE-2024-40896...
K000151220: Multiple Wireshark/tshark vulnerabilities
Security Advisory Description CVE-2020-26575 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVE-2018-14339 In Wireshark 2.6.0 to...
K000151008: Quarterly Security Notification (May 2025)
Security Advisory Description On May 7, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch th...
K000150598: BIG-IP APM PingAccess vulnerability CVE-2025-36525
Security Advisory Description When a BIG-IP APM PingAccess profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-36525 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...
K000140574: F5OS Appliance Mode vulnerability CVE-2025-36546
Security Advisory Description On an F5OS system, if the root user configures the system to allow login using SSH key-based authentication and later enables appliance mode, the system still allows access using SSH key-based authentication. For an attacker to exploit this vulnerability they must...
K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504
Security Advisory Description When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. CVE-2025-36504 Impact System performance can degrade until the Traffic Management Microkernel (TMM) process is either...
K000140937: BIG-IP SIP ALG profile vulnerability CVE-2025-41433
Security Advisory Description When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-41433 Impact...
K000149952: BIG-IP PEM vulnerability CVE-2025-35995
Security Advisory Description When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-35995 Impa...
K000150668: TMM vulnerability CVE-2025-41431
Security Advisory Description When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate on the standby BIG-IP systems in a traffic group. CVE-2025-41431 Impact Traffic in other traffic groups may be disrupted...
K000139571: BIG-IP HTTP vulnerability CVE-2025-36557
Security Advisory Description When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-36557 Impact Traffic is disrupted while the TMM process restarts. This...
K000139503: F5OS vulnerability CVE-2025-46265
Security Advisory Description On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. CVE-2025-46265 Impact This vulnerability may allow a remote, authenticated attacker to be unexpectedly...
K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414
Security Advisory Description When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-41414 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...
K000137709: SCTP vulnerability CVE-2025-41399
Security Advisory Description When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2025-41399 Impact System performance can degrade until the Traffic Management Microkernel (TMM)...
K000139502: F5OS vulnerability CVE-2025-43878
Security Advisory Description When running in appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions by utilizing the system diagnostics tcpdump command utility on an F5OS-A/C system. CVE-2025-43878 Impact In...
K000148591: Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644
Security Advisory Description When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful...
K000151206: Oracle Java SE vulnerability CVE-2025-21587
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for...
K000151202: Java vulnerability CVE-2025-30691
Security Advisory Description Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
K000151201: OpenSSL vulnerability CVE-2024-12797
Security Advisory Description Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS...
K000151184: Intel Ethernet Controller and Adapter vulnerability CVE-2024-36274
Security Advisory Description Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before version 29.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2024-36274 Impact This vulnerability...
K000151159: MySQL vulnerability CVE-2025-21581
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multip...
K000151158: MySQL vulnerability CVE-2025-21575
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K000151130: GnuTLS vulnerability CVE-2024-12243
Security Advisory Description A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote...
K000151082: PostgreSQL vulnerability CVE-2021-32027
Security Advisory Description A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory...
K000151066: OpenSAML vulnerability CVE-2025-31335
Security Advisory Description The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. CVE-2025-31335 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K000151063: MySQL vulnerability CVE-2025-30696
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K000151057: Oracle MySQL vulnerability CVE-2025-30721
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure...
K000151007: Multiple Python vulnerabilities
Security Advisory Description CVE-2019-13404 The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. This also affects old 3.x releases before 3.5. NOTE: the vendor's position is that it is th...
K000150999: Oracle MySQL vulnerabilities CVE-2025-30695 and CVE-2025-30699
Security Advisory Description CVE-2025-30695 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via...
K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946
Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with two POST endpoints: /sqleditor/querytool/download, where the query_commited parameter, and the /cloud/deploy endpoint,...
K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118
Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...
K000150957: WebKitGTK vulnerability CVE-2024-54534
Security Advisory Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. CVE-2024-54534...
K000150951: Multiple Oracle MySQL vulnerabilities
Security Advisory Description CVE-2025-30689 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network...
K000150943: PostgreSQL vulnerabilities CVE-2019-10164, CVE-2020-14349, and CVE-2020-14350
Security Advisory Description CVE-2019-10164 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often...
K000150939: cURL vulnerability CVE-2025-0665
Security Advisory Description libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve. CVE-2025-0665 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K000150938: Oracle MySQL vulnerabilities CVE-2025-30693 and CVE-2025-30703
Security Advisory Description CVE-2025-30693 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via...
K000150937: Freetype vulnerability CVE-2025-27363
Security Advisory Description An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an...