CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23413 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-23413
05 Feb 2025 — When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000149185 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24319 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2025-24319
05 Feb 2025 — When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000148412 • CWE-20: Improper Input Validation •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24312 – BIG-IP AFM vulnerability
https://notcve.org/view.php?id=CVE-2025-24312
05 Feb 2025 — When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000141380 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22846 – BIG-IP SIP Vulnerability
https://notcve.org/view.php?id=CVE-2025-22846
05 Feb 2025 — When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139780 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.9EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21087 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2025-21087
05 Feb 2025 — When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated • https://my.f5.com/manage/s/article/K000134888 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37028 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-37028
14 Aug 2024 — BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139938 • CWE-645: Overly Restrictive Account Lockout Mechanism •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39809 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-39809
14 Aug 2024 — The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated • https://my.f5.com/manage/s/article/K000140111 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41719 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-41719
14 Aug 2024 — When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140006 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41164 – BIG-IP MPTCP vulnerability
https://notcve.org/view.php?id=CVE-2024-41164
14 Aug 2024 — When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 2CVE-2024-26026 – BIG-IP Central Manager SQL Injection
https://notcve.org/view.php?id=CVE-2024-26026
08 May 2024 — An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad de inyección SQL en la API (URI) de BIG-IP Next Central Manager. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://github.com/passwa11/CVE-2024-26026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •