371
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-24320
|
2025-02-6 03:15 |
2025-02-6 |
|
372
|
- |
|
-
|
-
|
When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate.
Note:…
|
CWE-20
Improper Input Validation
|
CVE-2025-24319
|
2025-02-6 03:15 |
2025-02-6 |
|
373
|
- |
|
-
|
-
|
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU r…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-24312
|
2025-02-6 03:15 |
2025-02-6 |
|
374
|
- |
|
-
|
-
|
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connecti…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2025-23415
|
2025-02-6 03:15 |
2025-02-6 |
|
375
|
- |
|
-
|
-
|
When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files.
Note: Software versions which have reache…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-23413
|
2025-02-6 03:15 |
2025-02-6 |
|
376
|
- |
|
-
|
-
|
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are…
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-23412
|
2025-02-6 03:15 |
2025-02-6 |
|
377
|
- |
|
-
|
-
|
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a securit…
|
CWE-77
Command Injection
|
CVE-2025-23239
|
2025-02-6 03:15 |
2025-02-6 |
|
378
|
- |
|
-
|
-
|
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an i…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2025-22891
|
2025-02-6 03:15 |
2025-02-6 |
|
379
|
- |
|
-
|
-
|
When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Softw…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2025-22846
|
2025-02-6 03:15 |
2025-02-6 |
|
380
|
- |
|
-
|
-
|
When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (Eo…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2025-21091
|
2025-02-6 03:15 |
2025-02-6 |
|