K000151718: VELOS partition container network vulnerability CVE-2025-59778
Security Advisory Description When the Allowed IP Addresses feature is configured with All for the Port setting in the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. This issue only affects the F5OS-C partitions; the F5OS-C controller layer is not...
K000151309: BIG-IP DTLS 1.2 vulnerability CVE-2025-61951
Security Advisory Description Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign...
K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858
Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2025-54858...
K000151596: BIG-IP TMM vulnerability CVE-2025-54805
Security Advisory Description When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. CVE-2025-54805 Impact System performance degradation can occur...
K000148512: BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability CVE-2025-58474
Security Advisory Description When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. CVE-2025-58474 Impact Traffic is...
K000149820: F5OS SNMP vulnerability CVE-2025-47150
Security Advisory Description When SNMP is configured on the F5OS-A or F5OS-C system, undisclosed requests can cause an increase in SNMP memory resource utilization. CVE-2025-47150 Impact System performance can degrade until the SNMP process is either forced to restart or is manually restarted...
K000150752: BIG-IP HTTP/2 vulnerability CVE-2025-55669
Security Advisory Description When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-55669 Impact Traffic is disrupted for new client...
K000156596: BIG-IP APM XSS vulnerability CVE-2025-61933
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. CVE-2025-61933 Impact An attacker may exploit this vulnerability by causing a use...
K000151611: BIG-IP iRules vulnerability CVE-2025-46706
Security Advisory Description When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2025-46706 Impact System performance can degrade until the Traffic Management Microkernel (TMM) process ...
K000154614: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-55670
Security Advisory Description On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-55670 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...
K000156707: BIG-IP TMM vulnerability CVE-2025-53856
Security Advisory Description When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, and the Auto Last Hop setting is disabled, undisclosed traffic can cause the Traffic Manageme...
K000156912: BIG-IP TMM vulnerability CVE-2025-61990
Security Advisory Description When using a multi-bladed platform with more than one active blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-61990 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...
K000154661: F5OS-A FIPS HSM password vulnerability CVE-2025-60013
Security Advisory Description When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successf...
K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935
Security Advisory Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2025-61935 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...
K000156746: BIG-IP IPsec vulnerability CVE-2025-58071
Security Advisory Description When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-58071 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated attacker t...
K000148816: BIG-IP APM and SSL Orchestrator vulnerability CVE-2025-47148
Security Advisory Description When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization...
K000150637: BIG-IP DNS cache vulnerability CVE-2025-59781
Security Advisory Description When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. CVE-2025-59781 Impact System performance can degrade until the Traffic Management Microkernel (TMM) process is eith...
K000150614: BIG-IP MPTCP vulnerability CVE-2025-48008
Security Advisory Description When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-48008 Impact Traffic is disrupted...
K000156597: BIG-IP APM portal access vulnerability CVE-2025-61960
Security Advisory Description When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-61960 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allo...
K90301300: BIG-IP Configuration utility vulnerability CVE-2025-59268
Security Advisory Description On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. CVE-2025-59268 Impact This vulnerability may allow an unauthenticated attacker with netwo...
K000156801: BIG-IP Configuration utility vulnerability CVE-2025-54755
Security Advisory Description A directory traversal vulnerability exists in the BIG-IP Configuration utility that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. CVE-2025-54755 Impact A highly privileged authenticated attacker may...
K000151308: BIG-IP Configuration utility XSS vulnerability CVE-2025-59269
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2025-59269 Impact An authenticated attacker with at least t...
K000156642: BIG-IP iControl REST and tmsh vulnerability CVE-2025-59481
Security Advisory Description A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least the resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allo...
K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938
Security Advisory Description When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly...
K000156796: F5OS out-of-bounds write vulnerability CVE-2025-60015
Security Advisory Description An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. CVE-2025-60015 Impact Traffic is disrupted while the SWDAG process restarts. This vulnerability allows an authenticated attacker on the F5OS tenant system to cause ...
K000156767: F5OS vulnerability CVE-2025-61955
Security Advisory Description A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. CVE-2025-61955 Impact In standard deployments, this...
K000156771: F5OS vulnerability CVE-2025-57780
Security Advisory Description A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. CVE-2025-57780 Impact In standard deployments, this...
K000156994: BusyBox vulnerability CVE-2016-2148
Security Advisory Description Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. CVE-2016-2148 Impact This vulnerability allows remote attackers to perform a Remote Code Executio...
K000156992: IPMI vulnerability CVE-2023-28863
Security Advisory Description AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. CVE-2023-28863 Impact This vulnerability allows an attacker with network access to bypass the negotiated integrity and confidentiality in Intelligent Platform Management Interfac...
K000156983: libbpf vulnerability CVE-2025-29481
Security Advisory Description Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog function of libbpf. CVE-2025-29481 Impact Exploitation of this vulnerability could allow an attacker to access sensitive information stored or...
K000156952: Apache Tomcat vulnerability CVE-2025-55668
Security Advisory Description Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgra...
K000156794: Intel(R) Xeon(R) 6 processor vulnerability CVE-2025-22889
Security Advisory Description Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-22889 Impact There is no impact; F5 products are not...
K000156758: GNOME GLib vulnerability CVE-2024-34397
Security Advisory Description An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bu...
K000156757: Curl vulnerability CVE-2025-9086
Security Advisory Description 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path...
K000156732: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2022-0284 A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file...
K000156731: ImageMagick vulnerabilities CVE-2021-20312, CVE-2021-20313, CVE-2021-3596, and CVE-2021-4219
Security Advisory Description CVE-2021-20312 A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using...
K000156730: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2021-20176 A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from...
K000156729: ImageMagick vulnerabilities CVE-2023-3428, CVE-2023-34474, CVE-2023-34475, CVE-2023-3745, and CVE-2023-39978
Security Advisory Description CVE-2023-3428 A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. CVE-2023-34474 ...
K000156728: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2023-1289 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many...
K000156727: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2019-7395 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. CVE-2019-7397 In ImageMagick before 7.0.8-25 and...
K000156725: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2020-25663 A call to ConformPixelInfo in the SetImageAlphaChannel routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed or GetPixelBlue was called. This could occur if an attacker is able to submit ...
K000156724: ImageMagick vulnerabilities CVE-2020-27773, CVE-2020-27774, CVE-2020-27775, CVE-2020-27776, and CVE-2020-27829
Security Advisory Description CVE-2020-27773 A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. Thi...
K000156723: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2019-14981 In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. CVE-2019-17541 ImageMagick before 7.0.8-5...
K000156722: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2020-27763 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applicati...
K000156721: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2020-27752 A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but cou...
K000156719: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2018-16323 ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that...
K000156720: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2019-10131 An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. CVE-2019-1013...
K000156718: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2017-13142 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. CVE-2017-13143 In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in...
K000156717: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2017-5506 Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. CVE-2017-5507 Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to...
K000156716: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2017-11526 The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. CVE-2017-11527 The ReadDPXImage function in...