Rewterz

Multiple F5 BIG-IP Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-61933 CVSS:6.1

F5 BIG-IP is vulnerable to reflected cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this by persuading a victim to open a specially crafted URL, causing script to execute in the victim's browser session.

CVE-2025-59483 CVSS:6.5

F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information, caused by an input validation flaw in an undisclosed URL in the Configuration utility.

CVE-2025-59481 CVSS:8.7

F5 BIG-IP could allow a remote authenticated attacker to execute arbitrary system commands, caused by an unspecified flaw in iControl REST and the BIG-IP TMOS Shell (tmsh). Exploitation requires valid credentials with access to one of those interfaces.

CVE-2025-61974 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a memory leak flaw.

CVE-2025-61958 CVSS:8.7

F5 BIG-IP could allow a remote authenticated attacker to bypass tmsh restrictions and gain access to the Advanced Shell (bash), caused by a flaw in the iHealth utility of the TMOS Shell (tmsh).

CVE-2025-58096 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by an out-of-bounds write flaw.

CVE-2025-61938 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw that lets a remote attacker repeatedly terminate the bd process when a security policy is configured with a URL longer than 1024 characters for the Data Guard Protection Enforcement setting.

CVE-2025-55036 CVSS:7.5

F5 BIG-IP SSL Orchestrator is vulnerable to a denial of service, caused by a memory corruption flaw when explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled.

CVE-2025-60016 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw that lets a remote attacker terminate the Traffic Management Microkernel (TMM) when Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group.

CVE-2025-55669 CVSS:7.5

F5 BIG-IP ASM is vulnerable to a denial of service, caused by a flaw that lets a remote attacker terminate the Traffic Management Microkernel (TMM) when a BIG-IP Advanced WAF/ASM security policy and a server-side HTTP/2 profile are both configured on the same virtual server.

Impact

  • Denial of Service
  • Gain Access
  • Security Bypass
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-61933
  • CVE-2025-59483
  • CVE-2025-59481
  • CVE-2025-61974
  • CVE-2025-61958
  • CVE-2025-58096
  • CVE-2025-61938
  • CVE-2025-55036
  • CVE-2025-60016
  • CVE-2025-55669

Affected Vendors

  • F5

Affected Products

  • F5 BIG-IP Next CNF 2.0.0
  • F5 BIG-IP 17.1.0 through 17.1.2 and 17.5.0 through 17.5.1
  • F5 BIG-IP 16.1.0 through 16.1.6
  • F5 BIG-IP 15.1.0 through 15.1.10
  • F5 BIG-IP Next SPK 2.0.0
  • F5 BIG-IP Next for Kubernetes 2.0.0
  • F5 BIG-IP Advanced WAF/ASM 17.1.0 through 17.1.2 and 17.5.0
  • F5 BIG-IP SSL Orchestrator 17.1.0 through 17.1.2
  • F5 BIG-IP SSL Orchestrator 16.1.0 through 16.1.5
  • F5 BIG-IP SSL Orchestrator 15.1.0 through 15.1.10
  • F5 BIG-IP Next SPK 1.7.0 through 1.9.2
  • F5 BIG-IP Next CNF 1.1.0 through 1.3.3
  • F5 BIG-IP ASM 17.1.0 through 17.1.2
  • F5 BIG-IP ASM 16.1.0 through 16.1.5
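As an added example (not from this advisory and not F5 tooling), the following Python script encodes the affected ranges above and reports whether a version string taken from tmsh show sys version falls inside one of them. The sample tmsh output is constructed and the layout of its Version line is an assumption; the Advanced WAF/ASM entry is read as 17.1.0 through 17.1.2 plus 17.5.0, which is also an assumption about the page's notation. Because the page lists no fixed builds, a point release inside a listed range is flagged for manual confirmation rather than declared safe.

```python
"""Check a BIG-IP version against the affected ranges listed in this advisory.

Added example, not F5 tooling. The ranges are copied from the advisory's
"Affected Products" list; the tmsh output below is constructed and the
"Version" line layout is assumed, so confirm it against a real device.
"""
import re

# Inclusive (first, last) ranges per product, as listed on the page.
AFFECTED = {
    "BIG-IP": [("15.1.0", "15.1.10"), ("16.1.0", "16.1.6"),
               ("17.1.0", "17.1.2"), ("17.5.0", "17.5.1")],
    # Assumption: "17.1.0 - 17.1.2 - 17.5.0" means 17.1.0..17.1.2 plus 17.5.0.
    "BIG-IP Advanced WAF/ASM": [("17.1.0", "17.1.2"), ("17.5.0", "17.5.0")],
    "BIG-IP ASM": [("16.1.0", "16.1.5"), ("17.1.0", "17.1.2")],
    "BIG-IP SSL Orchestrator": [("15.1.0", "15.1.10"), ("16.1.0", "16.1.5"),
                                ("17.1.0", "17.1.2")],
    "BIG-IP Next SPK": [("1.7.0", "1.9.2"), ("2.0.0", "2.0.0")],
    "BIG-IP Next CNF": [("1.1.0", "1.3.3"), ("2.0.0", "2.0.0")],
    "BIG-IP Next for Kubernetes": [("2.0.0", "2.0.0")],
}

# Constructed sample of `tmsh show sys version` output (layout assumed).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1
  Build       0.0.5
  Edition     Point Release 1
"""


def parse_version(text: str) -> tuple:
    """Turn '17.1.2' or '17.1.2.1' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        raise ValueError(f"unrecognised BIG-IP version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def version_from_tmsh(output: str) -> str:
    """Pull the Version field out of `tmsh show sys version` text."""
    m = re.search(r"^\s*Version\s+(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no Version line found in tmsh output")
    return m.group(1)


def in_range(version: tuple, first: str, last: str) -> bool:
    # Ranges on the page are major.minor.maintenance; compare only those
    # three components so 17.5.1.2 is still matched by "17.5.0 - 17.5.1".
    base = (version + (0, 0, 0))[:3]
    return parse_version(first) <= base <= parse_version(last)


def check(product: str, version_text: str) -> dict:
    """Report whether a product/version pair falls in a listed affected range.

    A point release (fourth component) inside a listed range may already carry
    F5's fix; the page does not list fixed builds, so such hits are reported
    with point_release=True for confirmation against the F5 advisory.
    """
    if product not in AFFECTED:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    version = parse_version(version_text)
    hits = [r for r in AFFECTED[product] if in_range(version, *r)]
    return {
        "product": product,
        "version": version_text,
        "affected": bool(hits),
        "matched_range": hits[0] if hits else None,
        "point_release": len(version) > 3,
    }


if __name__ == "__main__":
    running = version_from_tmsh(SAMPLE_TMSH_OUTPUT)
    for product in ("BIG-IP", "BIG-IP ASM"):
        result = check(product, running)
        status = "AFFECTED" if result["affected"] else "not in a listed range"
        print(f"{product} {running}: {status} {result['matched_range'] or ''}")
```

Run it on a device by replacing SAMPLE_TMSH_OUTPUT with the real output of tmsh show sys version; a result with affected set to True and point_release set to True means the base version is in a listed range but the point release must still be compared against F5's published fixed builds.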

Remediation

Upgrade to a fixed version of BIG-IP, BIG-IP Next, SSL Orchestrator or Advanced WAF/ASM as published in F5's security advisories on the F5 website. Before and after upgrading, confirm the running version with tmsh show sys version and compare it with the affected ranges above. Where patching must wait, reduce exposure: most of these issues are reached through the Configuration utility, iControl REST or tmsh, and several require an authenticated user, so restrict management-plane access to trusted networks and review which accounts hold tmsh or iControl REST privileges. The denial-of-service issues against TMM and bd depend on specific configurations (Brainpool DH groups in an SSL profile's Cipher Rule or Cipher Group, a Data Guard Protection Enforcement URL longer than 1024 characters, explicit forward proxy with proxy connect enabled on SSL Orchestrator, and an Advanced WAF/ASM policy combined with a server-side HTTP/2 profile), so auditing virtual servers for those settings shows which ones are exposed until the upgrade lands.