F5: Security Vulnerabilities
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.5
EPSS Score
0.001
Published
2025-10-15
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.7
EPSS Score
0.001
Published
2025-10-15
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-10-15
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-10-15
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-10-15
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-10-15
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-15
Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-10-15
On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-10-15
When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-15