
CVE-2025-41431 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2025-41431
07 May 2025 — When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000150668 • CWE-787: Out-of-bounds Write •

CVE-2025-31644 – Appliance mode BIG-IP iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2025-31644
07 May 2025 — When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP version 16.1.4.1 suffers from a command injection vulnerability via an authen... • https://packetstorm.news/files/id/191689 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-35995 – BIG-IP PEM vulnerability
https://notcve.org/view.php?id=CVE-2025-35995
07 May 2025 — When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000149952 • CWE-125: Out-of-bounds Read •

CVE-2025-36525 – BIG-IP APM PingAccess Virtual Server Vulnerability
https://notcve.org/view.php?id=CVE-2025-36525
07 May 2025 — When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000150598 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-36504 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-36504
07 May 2025 — When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140919 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-41414 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-41414
07 May 2025 — When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140968 • CWE-476: NULL Pointer Dereference •

CVE-2025-41433 – BIG-IP SIP ALG profile vulnerability
https://notcve.org/view.php?id=CVE-2025-41433
07 May 2025 — When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140937 • CWE-476: NULL Pointer Dereference •

CVE-2025-36557 – BIG-IP HTTP vulnerability
https://notcve.org/view.php?id=CVE-2025-36557
07 May 2025 — When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139571 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-41399 – SCTP Vulnerability
https://notcve.org/view.php?id=CVE-2025-41399
07 May 2025 — When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137709 • CWE-404: Improper Resource Shutdown or Release •

CVE-2022-28693 – hw: cpu: Intel: information disclosure via local access
https://notcve.org/view.php?id=CVE-2022-28693
14 Feb 2025 — Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-420: Unprotected Alternate Channel •