
CVE-2025-36504 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-36504
07 May 2025 — When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140919 • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2025-41414 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-41414
07 May 2025 — When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140968 • CWE-476: NULL Pointer Dereference

CVE-2025-36557 – BIG-IP HTTP vulnerability
https://notcve.org/view.php?id=CVE-2025-36557
07 May 2025 — When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139571 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-41399 – SCTP Vulnerability
https://notcve.org/view.php?id=CVE-2025-41399
07 May 2025 — When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137709 • CWE-404: Improper Resource Shutdown or Release

CVE-2025-24312 – BIG-IP AFM vulnerability
https://notcve.org/view.php?id=CVE-2025-24312
05 Feb 2025 — When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000141380 • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2024-41164 – BIG-IP MPTCP vulnerability
https://notcve.org/view.php?id=CVE-2024-41164
14 Aug 2024 — When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference

CVE-2024-28132 – BIG-IP NEXT CNF vulnerability
https://notcve.org/view.php?id=CVE-2024-28132
08 May 2024 — Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138913 • CWE-922: Insecure Storage of Sensitive Information

CVE-2024-25560 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2024-25560
08 May 2024 — When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139037 • CWE-476: NULL Pointer Dereference

CVE-2024-23306 – BIG-IP Next CNF & SPK vulnerability
https://notcve.org/view.php?id=CVE-2024-23306
14 Feb 2024 — A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137886 • CWE-522: Insufficiently Protected Credentials