Shodan
Vulnerabilities
Vulnerable Software
F5:  >> Big-Ip Container Ingress Services  >> 17.1.2  Security Vulnerabilities
CVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.5
EPSS Score
0.004
Published
2025-10-15
CVE-2025-46706
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.004
Published
2025-10-15
CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.005
Published
2025-08-13
CVE-2025-52585
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2025-08-13
CVE-2025-31644
When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.5
EPSS Score
0.247
Published
2025-05-07
CVE-2025-20029
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.078
Published
2025-02-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved