This page lists publicly disclosed CVE vulnerabilities affecting f5 big-ip_analytics (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-20732 | A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 2.3 | 0.05% | 2026-02-04 | 2026-02-13 |
| CVE-2025-61990 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-58071 | When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-61958 | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.06% | 2025-10-15 | 2026-02-04 |
| CVE-2025-61951 | Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.06% | 2025-10-15 | 2025-10-21 |
| CVE-2025-59781 | When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-22 |
| CVE-2025-59483 | A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.06% | 2025-10-15 | 2025-10-21 |
| CVE-2025-59481 | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.06% | 2025-10-15 | 2026-02-04 |
| CVE-2025-59269 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.4 | 0.03% | 2025-10-15 | 2025-10-21 |
| CVE-2025-59268 | On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.9 | 0.06% | 2025-10-15 | 2025-10-21 |
| CVE-2025-58424 | On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.3 | 0.06% | 2025-10-15 | 2026-02-04 |
| CVE-2025-58153 | Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.2 | 0.05% | 2025-10-15 | 2026-02-04 |
| CVE-2025-58096 | When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.2 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-54755 | A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.9 | 0.25% | 2025-10-15 | 2026-01-27 |
| CVE-2025-53868 | When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.5 | 0.05% | 2025-10-15 | 2026-02-04 |
| CVE-2025-53856 | When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evalu | [email protected] | 8.7 | 0.03% | 2025-10-15 | 2025-10-21 |
| CVE-2025-53474 | When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-48008 | When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-46706 | When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 8.7 | 0.07% | 2025-10-15 | 2025-10-21 |
| CVE-2025-54500 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | [email protected] | 6.9 | 0.15% | 2025-08-13 | 2026-02-04 |