
CVE-2025-36504 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-36504
07 May 2025 — When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140919 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-41414 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-41414
07 May 2025 — When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140968 • CWE-476: NULL Pointer Dereference •

CVE-2025-36557 – BIG-IP HTTP vulnerability
https://notcve.org/view.php?id=CVE-2025-36557
07 May 2025 — When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139571 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-41399 – SCTP Vulnerability
https://notcve.org/view.php?id=CVE-2025-41399
07 May 2025 — When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137709 • CWE-404: Improper Resource Shutdown or Release •

CVE-2025-23413 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-23413
05 Feb 2025 — When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000149185 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-24319 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-24319
05 Feb 2025 — When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000148412 • CWE-20: Improper Input Validation •

CVE-2025-24312 – BIG-IP AFM vulnerability
https://notcve.org/view.php?id=CVE-2025-24312
05 Feb 2025 — When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000141380 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-22846 – BIG-IP SIP Vulnerability
https://notcve.org/view.php?id=CVE-2025-22846
05 Feb 2025 — When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139780 • CWE-404: Improper Resource Shutdown or Release •

CVE-2025-21087 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2025-21087
05 Feb 2025 — When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000134888 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-37028 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-37028
14 Aug 2024 — BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139938 • CWE-645: Overly Restrictive Account Lockout Mechanism •