Vulnerability-Lookup - Search a vulnerability

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next pour Kubernetes versions 2.1.x ant\u00e9rieures \u00e0 2.1.0 EHF-2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.15 EHF-2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.8",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 17.5.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.1.0 EHF-1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.7.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.4.x ant\u00e9rieures \u00e0 1.4.0 EHF-3",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-48008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48008"
    },
    {
      "name": "CVE-2025-53521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53521"
    },
    {
      "name": "CVE-2025-54858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54858"
    },
    {
      "name": "CVE-2025-59478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59478"
    },
    {
      "name": "CVE-2025-61990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61990"
    },
    {
      "name": "CVE-2025-55670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55670"
    },
    {
      "name": "CVE-2025-58153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58153"
    },
    {
      "name": "CVE-2025-58071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58071"
    },
    {
      "name": "CVE-2025-55036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55036"
    },
    {
      "name": "CVE-2025-53868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53868"
    },
    {
      "name": "CVE-2025-60015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60015"
    },
    {
      "name": "CVE-2025-59481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59481"
    },
    {
      "name": "CVE-2025-54479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54479"
    },
    {
      "name": "CVE-2025-41430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41430"
    },
    {
      "name": "CVE-2025-59483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59483"
    },
    {
      "name": "CVE-2025-59778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59778"
    },
    {
      "name": "CVE-2025-59268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59268"
    },
    {
      "name": "CVE-2025-53860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53860"
    },
    {
      "name": "CVE-2025-54805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54805"
    },
    {
      "name": "CVE-2025-61935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61935"
    },
    {
      "name": "CVE-2025-57780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57780"
    },
    {
      "name": "CVE-2025-61938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61938"
    },
    {
      "name": "CVE-2025-61951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61951"
    },
    {
      "name": "CVE-2025-59781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59781"
    },
    {
      "name": "CVE-2025-53474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53474"
    },
    {
      "name": "CVE-2025-58096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58096"
    },
    {
      "name": "CVE-2025-61974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61974"
    },
    {
      "name": "CVE-2025-53856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53856"
    },
    {
      "name": "CVE-2025-58424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58424"
    },
    {
      "name": "CVE-2025-60013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60013"
    },
    {
      "name": "CVE-2025-60016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60016"
    },
    {
      "name": "CVE-2025-47150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47150"
    },
    {
      "name": "CVE-2025-58120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58120"
    },
    {
      "name": "CVE-2025-61958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61958"
    },
    {
      "name": "CVE-2025-59269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59269"
    },
    {
      "name": "CVE-2025-54854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54854"
    },
    {
      "name": "CVE-2025-54755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54755"
    },
    {
      "name": "CVE-2025-61955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61955"
    },
    {
      "name": "CVE-2025-61960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61960"
    },
    {
      "name": "CVE-2025-58474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58474"
    },
    {
      "name": "CVE-2025-61933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61933"
    },
    {
      "name": "CVE-2025-47148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47148"
    },
    {
      "name": "CVE-2025-29481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29481"
    },
    {
      "name": "CVE-2025-46706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46706"
    },
    {
      "name": "CVE-2025-55669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55669"
    }
  ],
  "initial_release_date": "2025-10-16T00:00:00",
  "last_revision_date": "2025-10-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0886",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000156572",
      "url": "https://my.f5.com/manage/s/article/K000156572"
    }
  ]
}

CERTFR-2025-AVI-0710

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	BIG-IP Next	BIG-IP Next for Kubernetes versions 2.x antérieures à 2.0.0
F5	NGINX Plus	NGINX Plus versions R33 antérieures à R33 P3
F5	BIG-IP	BIG-IP (tous les modules) versions 17.5.x antérieures à Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso3
F5	NGINX	NGINX Open Source versions 0.7.22 à 1.29.0 antérieures à 1.29.1
F5	BIG-IP	BIG-IP (tous les modules) versions 17.1.x antérieures à Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso3
F5	BIG-IP Next	BIG-IP Next for Kubernetes versions 2.0.0
F5	BIG-IP Next	BIG-IP Next CNF versions 2.0.0 à 2.0.2 et 1.1.0 à 1.4.1
F5	BIG-IP Next	BIG-IP Next (tous les modules) versions 20.x antérieures à 20.3.0
F5	BIG-IP Next	BIG-IP Next (tous les modules) versions 20.3.0
F5	BIG-IP	BIG-IP (APM) versions 17.1.x antérieures à 17.1.2.2
F5	BIG-IP	BIG-IP (tous les modules) versions 16.1.0 à 16.1.5 antérieures à 16.1.6
F5	BIG-IP	BIG-IP (tous les modules) versions 17.x antérieures à 17.1.0 - 17.1.2
F5	NGINX Plus	NGINX Plus versions R34 antérieures à R34 P2
F5	NGINX Plus	NGINX Plus versions antérieures à R35
F5	BIG-IP	BIG-IP (tous les modules) versions 16.1.x antérieures à Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso3
F5	NGINX Plus	NGINX Plus versions antérieures à R32 P3
F5	BIG-IP Next	BIG-IP Next SPK versions 2.0.0 à 2.0.2 et 1.7.0 à 1.9.2
F5	BIG-IP Next	BIG-IP Next SPK versions 2.0.x antérieures à 2.0.2
F5	BIG-IP	BIG-IP (tous les modules) versions 17.1.0 à 17.1.2 antérieures à 17.1.2.2
F5	BIG-IP	BIG-IP (APM) versions 17.5.0 à 17.5.1, 17.1.0 à 17.1.2, 16.1.0 à 16.1.6 et 15.1.0 à 15.1.10
F5	BIG-IP Next	BIG-IP Next CNF versions 2.x antérieures à 2.0.0 - 2.0.2
F5	BIG-IP	BIG-IP (APM) versions 16.1.x antérieures à 16.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000141436	2025-08-13	vendor-advisory
Bulletin de sécurité F5 K000152635	2025-08-13	vendor-advisory
Bulletin de sécurité F5 K000151546	2025-08-13	vendor-advisory
Bulletin de sécurité F5 K000152001	2025-08-13	vendor-advisory
Bulletin de sécurité F5 K000152049	2025-08-13	vendor-advisory
Bulletin de sécurité F5 K000151782	2025-08-13	vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next for Kubernetes versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R33 ant\u00e9rieures \u00e0 R33 P3",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.5.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source versions 0.7.22 \u00e0 1.29.0 ant\u00e9rieures \u00e0 1.29.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next for Kubernetes versions 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 2.0.0 \u00e0 2.0.2 et 1.1.0 \u00e0 1.4.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next (tous les modules) versions 20.x ant\u00e9rieures \u00e0 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next (tous les modules) versions 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (APM) versions 17.1.x ant\u00e9rieures \u00e0 17.1.2.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 16.1.0 \u00e0 16.1.5 ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.x ant\u00e9rieures \u00e0 17.1.0 - 17.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R34 ant\u00e9rieures \u00e0 R34 P2",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions ant\u00e9rieures \u00e0 R35",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions ant\u00e9rieures \u00e0 R32 P3",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.0.0 \u00e0 2.0.2 et 1.7.0 \u00e0 1.9.2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.0.x ant\u00e9rieures \u00e0 2.0.2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.1.0 \u00e0 17.1.2 ant\u00e9rieures \u00e0 17.1.2.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (APM) versions 17.5.0 \u00e0 17.5.1, 17.1.0 \u00e0 17.1.2, 16.1.0 \u00e0 16.1.6 et 15.1.0 \u00e0 15.1.10",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.0.0 - 2.0.2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (APM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-53859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
    },
    {
      "name": "CVE-2025-54500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54500"
    },
    {
      "name": "CVE-2025-54809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54809"
    },
    {
      "name": "CVE-2025-52585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52585"
    },
    {
      "name": "CVE-2025-48500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48500"
    },
    {
      "name": "CVE-2025-46405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46405"
    }
  ],
  "initial_release_date": "2025-08-19T00:00:00",
  "last_revision_date": "2025-08-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0710",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000141436",
      "url": "https://my.f5.com/manage/s/article/K000141436"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000152635",
      "url": "https://my.f5.com/manage/s/article/K000152635"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000151546",
      "url": "https://my.f5.com/manage/s/article/K000151546"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000152001",
      "url": "https://my.f5.com/manage/s/article/K000152001"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000152049",
      "url": "https://my.f5.com/manage/s/article/K000152049"
    },
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000151782",
      "url": "https://my.f5.com/manage/s/article/K000151782"
    }
  ]
}

CERTFR-2025-AVI-0382

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	BIG-IP Next	BIG-IP Next CNF versions 2.x antérieures à 2.0.0
F5	BIG-IP Next	BIG-IP Next versions 20.x antérieures à 20.3.0
F5	BIG-IP	BIG-IP versions 15.x
F5	BIG-IP Next	BIG-IP Next CNF versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 1.x
F5	BIG-IP Next	BIG-IP Next SPK versions 2.x antérieures à 2.0.0
F5	BIG-IP	BIG-IP versions 16.x antérieures à 16.1.6
F5	BIG-IP	BIG-IP versions 17.x antérieures à 17.1.2.2

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000150668	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140937	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140919	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000140968	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000137709	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000151008	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000150598	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000139571	2025-05-07	vendor-advisory
Bulletin de sécurité F5 K000148591	2025-05-07	vendor-advisory

Show details on source website

Bulletin de sécurité F5 K000149540

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next CNF versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next versions 20.x ant\u00e9rieures \u00e0 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.x",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.x",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.x ant\u00e9rieures \u00e0 17.1.2.2\t",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-41431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41431"
    },
    {
      "name": "CVE-2025-41399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41399"
    },
    {
      "name": "CVE-2025-41433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41433"
    },
    {
      "name": "CVE-2025-35995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-35995"
    },
    {
      "name": "CVE-2025-36557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36557"
    },
    {
      "name": "CVE-2025-31644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31644"
    },
    {
      "name": "CVE-2025-43878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43878"
    },
    {
      "name": "CVE-2025-36525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36525"
    },
    {
      "name": "CVE-2025-41414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41414"
    },
    {
      "name": "CVE-2025-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36504"
    }
  ],
  "initial_release_date": "2025-05-09T00:00:00",
  "last_revision_date": "2025-05-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0382",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150668",
      "url": "https://my.f5.com/manage/s/article/K000150668"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140937",
      "url": "https://my.f5.com/manage/s/article/K000140937"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140919",
      "url": "https://my.f5.com/manage/s/article/K000140919"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140968",
      "url": "https://my.f5.com/manage/s/article/K000140968"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000137709",
      "url": "https://my.f5.com/manage/s/article/K000137709"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000151008",
      "url": "https://my.f5.com/manage/s/article/K000151008"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000150598",
      "url": "https://my.f5.com/manage/s/article/K000150598"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000139571",
      "url": "https://my.f5.com/manage/s/article/K000139571"
    },
    {
      "published_at": "2025-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000148591",
      "url": "https://my.f5.com/manage/s/article/K000148591"
    }
  ]
}

CERTFR-2025-AVI-0099

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	NGINX Plus	NGINX Plus versions R28 à R33 antérieures à R32 P2 ou R33 P2
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.5.2 sans les derniers correctifs de sécurité
F5	BIG-IP Next	BIG-IP Next Central Manager versions 20.x antérieures à 20.3.0
F5	BIG-IP Next	BIG-IP Next SPK versions 1.8.x à 1.9.x antérieures à 1.9.1
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.10.6 sans les derniers correctifs de sécurité
F5	BIG-IP	BIG-IP versions 17.1.x antérieures à 17.1.2.1
F5	BIG-IP Next	BIG-IP Next SPK versions 1.7.x antérieures à 1.7.7
F5	NGINX	NGINX Open Source versions 1.x antérieures à 1.26.3 ou 1.27.4
F5	BIG-IP Next	BIG-IP Next CNF versions antérieures à 1.4.0

References

Title

Publication Time

Tags

2025-02-05

vendor-advisory

Show details on source website

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NGINX Plus versions R28 \u00e0 R33 ant\u00e9rieures \u00e0 R32 P2 ou R33 P2",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.5.2 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next Central Manager versions 20.x ant\u00e9rieures \u00e0 20.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.8.x \u00e0 1.9.x ant\u00e9rieures \u00e0 1.9.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.6 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.2.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.7.x ant\u00e9rieures \u00e0 1.7.7",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source versions 1.x ant\u00e9rieures \u00e0 1.26.3 ou 1.27.4",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23413"
    },
    {
      "name": "CVE-2025-22891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22891"
    },
    {
      "name": "CVE-2025-24326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24326"
    },
    {
      "name": "CVE-2025-24320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24320"
    },
    {
      "name": "CVE-2025-20045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20045"
    },
    {
      "name": "CVE-2025-24497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24497"
    },
    {
      "name": "CVE-2025-20058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20058"
    },
    {
      "name": "CVE-2025-23239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23239"
    },
    {
      "name": "CVE-2025-23415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23415"
    },
    {
      "name": "CVE-2025-21087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21087"
    },
    {
      "name": "CVE-2025-24319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24319"
    },
    {
      "name": "CVE-2025-20029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20029"
    },
    {
      "name": "CVE-2025-21091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21091"
    },
    {
      "name": "CVE-2025-22846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22846"
    },
    {
      "name": "CVE-2025-23419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
    },
    {
      "name": "CVE-2025-24312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24312"
    },
    {
      "name": "CVE-2025-23412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23412"
    }
  ],
  "initial_release_date": "2025-02-06T00:00:00",
  "last_revision_date": "2025-02-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0099",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000149540",
      "url": "https://my.f5.com/manage/s/article/K000149540"
    }
  ]
}

CERTFR-2024-AVI-0699

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (tous les modules) versions 15.x toutes versions pour les vulnérabilités CVE-2024-39778, CVE-2024-41727 et CVE-2024-41723
F5	BIG-IP	BIG-IP (tous les modules) versions 17.1.x antérieures à 17.1.1
F5	BIG-IP	BIG-IP (tous les modules) versions 16.1.x antérieures à 16.1.5
F5	NGINX	NGINX Plus versions R32 antérieures à R32 P1
F5	BIG-IP Next	BIG-IP Next SPK versions 1.7.0 à 1.8.2 antérieures à 1.9.0
F5	NGINX	NGINX Open Source versions 1.5.13 à 1.26.1 antérieures à 1.26.2 et 1.27.1
F5	BIG-IP	BIG-IP (tous les modules) versions 15.x antérieures à 15.1.10
F5	BIG-IP Next	BIG-IP Next CNF versions 1.x antérieures à 1.2.0
F5	NGINX	NGINX Plus versions R2x et R3x antérieures à R31 P3
F5	BIG-IP Next	BIG-IP Next Central Manager versions 20.x antérieures à 20.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000140108	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000140552	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000139938	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000138833	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K05710614	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000140006	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000140111	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000140529	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K10438187	2024-08-14	vendor-advisory
Bulletin de sécurité F5 K000138477	2024-08-14	vendor-advisory

Show details on source website

Bulletin de sécurité F5 K000139404 du 08 mai 2024

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (tous les modules) versions 15.x toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-39778, CVE-2024-41727 et  CVE-2024-41723",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.5",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R32 ant\u00e9rieures \u00e0 R32 P1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.7.0 \u00e0 1.8.2 ant\u00e9rieures \u00e0 1.9.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source versions 1.5.13 \u00e0 1.26.1 ant\u00e9rieures \u00e0 1.26.2 et 1.27.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous les modules) versions 15.x ant\u00e9rieures \u00e0 15.1.10",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R2x et R3x ant\u00e9rieures \u00e0 R31 P3",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next Central Manager versions 20.x ant\u00e9rieures \u00e0 20.2.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7347"
    },
    {
      "name": "CVE-2024-41727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41727"
    },
    {
      "name": "CVE-2024-41719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41719"
    },
    {
      "name": "CVE-2024-39792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39792"
    },
    {
      "name": "CVE-2024-39778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39778"
    },
    {
      "name": "CVE-2024-37028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37028"
    },
    {
      "name": "CVE-2024-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41723"
    },
    {
      "name": "CVE-2024-39809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39809"
    },
    {
      "name": "CVE-2024-41164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41164"
    }
  ],
  "initial_release_date": "2024-08-19T00:00:00",
  "last_revision_date": "2024-08-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0699",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5 et Nginx",
  "vendor_advisories": [
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140108",
      "url": "https://my.f5.com/manage/s/article/K000140108"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140552",
      "url": "https://my.f5.com/manage/s/article/K000140552"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000139938",
      "url": "https://my.f5.com/manage/s/article/K000139938"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000138833",
      "url": "https://my.f5.com/manage/s/article/K000138833"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05710614",
      "url": "https://my.f5.com/manage/s/article/K05710614"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140006",
      "url": "https://my.f5.com/manage/s/article/K000140006"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140111",
      "url": "https://my.f5.com/manage/s/article/K000140111"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000140529",
      "url": "https://my.f5.com/manage/s/article/K000140529"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K10438187",
      "url": "https://my.f5.com/manage/s/article/K10438187"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000138477",
      "url": "https://my.f5.com/manage/s/article/K000138477"
    }
  ]
}

CERTFR-2024-AVI-0377

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP Next	BIG-IP Next Central Manager versions 20.0.x antérieures à 20.2.0
F5	BIG-IP	BIG-IP AFM versions 17.0.x antérieures à 17.1.1
F5	BIG-IP	BIG-IP AFM versions antérieures à 16.1.4
F5	BIG-IP	BIG-IP APM versions 16.1.x antérieures à 16.1.4.2
F5	N/A	APM Clients versions postérieures à 7.2.3 et antérieures à 7.2.4.4
F5	BIG-IP Next	BIG-IP Next CNF versions antérieures à 1.3.0
F5	BIG-IP	BIG-IP "tous les autres modules" versions 15.1.x antérieures à 15.1.5.1
F5	BIG-IP	BIG-IP "tous les autres modules" versions 16.1.x antérieures à 16.1.2.2
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.10.4
F5	BIG-IP	BIG-IP Advanced WAF/ASM versions 17.1.x antérieures à 17.1.3
F5	BIG-IP	BIG-IP APM versions 15.1.x antérieures à 15.1.10.3
F5	BIG-IP	BIG-IP APM versions 17.1.x antérieures à 17.1.1
F5	BIG-IP	BIG-IP Advanced WAF/ASM versions 15.1.x antérieures à 15.1.10.4
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.4.3
F5	BIG-IP Next	BIG-IP Next SPK versions antérieures à 1.7.0
F5	BIG-IP	BIG-IP Advanced WAF/ASM versions 16.1.x antérieures à 16.1.4.3
F5	BIG-IP Next	BIG-IP Next WAF versions 20.0.x antérieures à 20.2.0
F5	BIG-IP	BIG-IP AFM versions 15.1.x antérieures à 15.1.10.4
F5	NGINX	NGINX App Protect WAF versions antérieures à 4.8.1
F5	BIG-IP	BIG-IP versions 17.1.x antérieures à 17.1.3

References

Title

Publication Time

Tags

None

vendor-advisory

Show details on source website

Bulletin de sécurité F5 du 14 février 2024

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP Next Central Manager versions 20.0.x ant\u00e9rieures \u00e0 20.2.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AFM versions 17.0.x ant\u00e9rieures \u00e0 17.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AFM versions ant\u00e9rieures \u00e0 16.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "APM Clients versions post\u00e9rieures \u00e0 7.2.3 et ant\u00e9rieures \u00e0 7.2.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions ant\u00e9rieures \u00e0 1.3.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP \"tous les autres modules\" versions 15.1.x ant\u00e9rieures \u00e0 15.1.5.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP \"tous les autres modules\" versions 16.1.x ant\u00e9rieures \u00e0 16.1.2.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM versions 17.1.x ant\u00e9rieures \u00e0 17.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions ant\u00e9rieures \u00e0 1.7.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next WAF versions 20.0.x ant\u00e9rieures \u00e0 20.2.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AFM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.8.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-28889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28889"
    },
    {
      "name": "CVE-2024-33612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33612"
    },
    {
      "name": "CVE-2024-27202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27202"
    },
    {
      "name": "CVE-2024-21793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21793"
    },
    {
      "name": "CVE-2024-31156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31156"
    },
    {
      "name": "CVE-2024-32049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32049"
    },
    {
      "name": "CVE-2024-32761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32761"
    },
    {
      "name": "CVE-2024-28883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28883"
    },
    {
      "name": "CVE-2024-28132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28132"
    },
    {
      "name": "CVE-2024-33604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33604"
    },
    {
      "name": "CVE-2024-25560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25560"
    },
    {
      "name": "CVE-2024-26026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26026"
    },
    {
      "name": "CVE-2024-33608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33608"
    }
  ],
  "initial_release_date": "2024-05-10T00:00:00",
  "last_revision_date": "2024-05-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0377",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000139404 du 08 mai 2024",
      "url": "https://my.f5.com/manage/s/article/K000139404"
    }
  ]
}

CERTFR-2024-AVI-0137

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	NGINX Plus	NGINX Plus versions R30 antérieures à R30 P2
F5	BIG-IP Next	BIG-IP Next SPK versions 1.x.x postérieures à 1.5.0 et antérieures à 1.8.1
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.4.2
F5	NGINX	NGINX Open Source 1.25.x antérieures à 1.25.4
F5	BIG-IP	BIG-IP versions 17.1.x antérieures à 17.1.1
F5	BIG-IP Next	BIG-IP Next CNF versions 1.x.x postérieures à 1.1.0 et antérieures à 1.2.0
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.10.3
F5	NGINX Plus	NGINX Plus versions R31 antérieures à R31 P1

References

Title

Publication Time

Tags

None

vendor-advisory

Show details on source website

Bulletin de sécurité F5 K000137053 du 10 octobre 2023

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NGINX Plus versions R30 ant\u00e9rieures \u00e0 R30 P2",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.x.x post\u00e9rieures \u00e0 1.5.0 et ant\u00e9rieures \u00e0 1.8.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source 1.25.x ant\u00e9rieures \u00e0 1.25.4",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.x.x post\u00e9rieures \u00e0 1.1.0 et ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R31 ant\u00e9rieures \u00e0 R31 P1",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-24989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24989"
    },
    {
      "name": "CVE-2024-21849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21849"
    },
    {
      "name": "CVE-2024-24775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24775"
    },
    {
      "name": "CVE-2024-23979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23979"
    },
    {
      "name": "CVE-2024-21782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21782"
    },
    {
      "name": "CVE-2024-21771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21771"
    },
    {
      "name": "CVE-2024-23805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23805"
    },
    {
      "name": "CVE-2024-21763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21763"
    },
    {
      "name": "CVE-2024-21789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21789"
    },
    {
      "name": "CVE-2024-22093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22093"
    },
    {
      "name": "CVE-2024-23603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23603"
    },
    {
      "name": "CVE-2024-23982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23982"
    },
    {
      "name": "CVE-2024-23314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23314"
    },
    {
      "name": "CVE-2024-22389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22389"
    },
    {
      "name": "CVE-2024-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23308"
    },
    {
      "name": "CVE-2024-23607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23607"
    },
    {
      "name": "CVE-2024-23306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23306"
    },
    {
      "name": "CVE-2024-24990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24990"
    }
  ],
  "initial_release_date": "2024-02-15T00:00:00",
  "last_revision_date": "2024-02-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0137",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 du 14 f\u00e9vrier 2024",
      "url": "https://my.f5.com/manage/s/article/K000138353"
    }
  ]
}

CERTFR-2023-AVI-0837

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	NGINX	NGINX OSS versions 1.9.5 à 1.25.2
F5	BIG-IP	BIG-IP (tous modules) versions 16.1.x antérieures à 16.1.4.1 avec le correctif de sécurité Hotfix-BIGIP-16.1.4.1.0.13.5-ENG
F5	BIG-IQ	BIG-IQ Centralized Management versions 8.0.0 à 8.3.0 antérieures à 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG
F5	BIG-IP Next	BIG-IP Next SPK versions 1.5.0 à 1.8.2
F5	BIG-IP	BIG-IP (APM) versions 16.1.0 à 16.1.3 antérieures à 16.1.4
F5	NGINX Ingress Controller	NGINX Ingress Controller versions 3.0.0 à 3.3.0
F5	BIG-IP	BIG-IP (Advanced WAF/ASM) versions 16.1.x antérieures à 16.1.4
F5	NGINX Plus	NGINX Plus verions R25 à R30 antérieures à R30 P1
F5	BIG-IP	BIG-IP (DNS, LTM avec le license DNS Services activée) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9
F5	NGINX Ingress Controller	NGINX Ingress Controller versions 2.0.0 à 2.4.2
F5	BIG-IP	BIG-IP (DNS, LTM avec le license DNS Services activée) versions 16.1.x antérieures à 16.1.4
F5	NGINX Ingress Controller	NGINX Ingress Controller versions 1.12.2 à 1.12.5
F5	BIG-IP Next	BIG-IP Next CNF versions 1.1.0 à 1.1.1
F5	NGINX	NGINX App Protect WAF versions 3.3.0 à 3.12.2 et 4.x antérieures à 4.2.0
F5	BIG-IP	BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9
F5	N/A	APM Clients versions 7.2.3.x, 7.2.4.x antérieures à 7.2.4.5
F5	BIG-IP Next	BIG-IP Next (tous modules) version 20.0.1
F5	BIG-IP	BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.10.2
F5	BIG-IP	BIG-IP (tous modules) versions 17.1.x antérieures à 17.1.0.3 avec le correctif de sécurité Hotfix-BIGIP-17.1.0.3.0.23.4-ENG
F5	BIG-IP	BIG-IP (APM) versions 14.1.x, 15.1.x antérieures à 15.1.9

References

Title

Publication Time

Tags

None

vendor-advisory

Show details on source website

https://my.f5.com/manage/s/article/K000152001

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NGINX OSS versions 1.9.5 \u00e0 1.25.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.1 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-16.1.4.1.0.13.5-ENG",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IQ Centralized Management versions 8.0.0 \u00e0 8.3.0 ant\u00e9rieures \u00e0 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG",
      "product": {
        "name": "BIG-IQ",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.5.0 \u00e0 1.8.2",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (APM) versions 16.1.0 \u00e0 16.1.3 ant\u00e9rieures \u00e0 16.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 3.0.0 \u00e0 3.3.0",
      "product": {
        "name": "NGINX Ingress Controller",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (Advanced WAF/ASM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus verions R25 \u00e0 R30 ant\u00e9rieures \u00e0 R30 P1",
      "product": {
        "name": "NGINX Plus",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 2.0.0 \u00e0 2.4.2",
      "product": {
        "name": "NGINX Ingress Controller",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 1.12.2 \u00e0 1.12.5",
      "product": {
        "name": "NGINX Ingress Controller",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.1.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect WAF versions 3.3.0 \u00e0 3.12.2 et 4.x ant\u00e9rieures \u00e0 4.2.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "APM Clients versions 7.2.3.x, 7.2.4.x ant\u00e9rieures \u00e0 7.2.4.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next (tous modules) version 20.0.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.10.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (tous modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.0.3 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-17.1.0.3.0.23.4-ENG",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (APM) versions 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-40542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40542"
    },
    {
      "name": "CVE-2023-5450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5450"
    },
    {
      "name": "CVE-2023-41373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41373"
    },
    {
      "name": "CVE-2023-43746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43746"
    },
    {
      "name": "CVE-2023-40537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40537"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-41085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41085"
    },
    {
      "name": "CVE-2023-41253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41253"
    },
    {
      "name": "CVE-2023-42768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42768"
    },
    {
      "name": "CVE-2023-43611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43611"
    },
    {
      "name": "CVE-2023-45226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45226"
    },
    {
      "name": "CVE-2023-45219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45219"
    },
    {
      "name": "CVE-2023-41964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41964"
    },
    {
      "name": "CVE-2023-39447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39447"
    },
    {
      "name": "CVE-2023-40534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40534"
    },
    {
      "name": "CVE-2023-43485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43485"
    }
  ],
  "initial_release_date": "2023-10-12T00:00:00",
  "last_revision_date": "2023-10-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0837",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000137053 du 10 octobre 2023",
      "url": "https://my.f5.com/manage/s/article/K000137053"
    }
  ]
}

CVE-2025-54500 (GCVE-0-2025-54500)

Vulnerability from nvd

Published

2025-08-13 14:46

Modified

2025-11-03 20:06

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Version: 17.5.0   < *
Version: 17.1.0   < *
Version: 16.1.0   < *
Version: 15.1.0   < *

F5	BIG-IP Next	Version: 20.3.0 < *
F5	BIG-IP Next SPK	Version: 2.0.0 < * Version: 1.7.0 < *
F5	BIG-IP Next CNF	Version: 2.0.0 < * Version: 1.1.0 < *
F5	BIG-IP Next for Kubernetes	Version: 2.0.0 < *

Show details on NVD website

https://my.f5.com/manage/s/article/K000137709

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:23:10.445718Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T15:26:07.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:06:30.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/767506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules",
            "HTTP/2 enabled virtual server"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "HTTP/2 enabled virtual server"
          ],
          "product": "BIG-IP Next",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "20.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "F5SPKIngressHTTP2 Custom Resource"
          ],
          "product": "BIG-IP Next SPK",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "1.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "F5SPKIngressHTTP2 Custom Resource"
          ],
          "product": "BIG-IP Next CNF",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "modules": [
            "F5SPKIngressHTTP2 Custom Resource"
          ],
          "product": "BIG-IP Next for Kubernetes",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Gal Bar Nahum, Anat Bremler-Barr and Yaniv Harel for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2025-08-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T14:46:55.097Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000152001"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "HTTP/2 Vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-54500",
    "datePublished": "2025-08-13T14:46:55.097Z",
    "dateReserved": "2025-07-29T17:12:25.031Z",
    "dateUpdated": "2025-11-03T20:06:30.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-41399 (GCVE-0-2025-41399)

Vulnerability from nvd

Published

2025-05-07 22:04

Modified

2025-05-08 13:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

CWE

CWE-404 - Improper Resource Shutdown or Release

Summary

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: 17.5.0   < *
Version: 17.1.0   < 17.1.1
Version: 16.1.0   < 16.1.4
Version: 15.1.0   < 15.1.9

F5	BIG-IP Next	Version: 20.0.1 < 20.2.1
F5	BIG-IP Next SPK	Version: 1.8.0 < 2.0.0 Version: 1.7.0 < 1.7.12
F5	BIG-IP Next CNF	Patch: 2.0.0 < * Version: 1.1.0 < 1.3.0

Show details on NVD website

https://my.f5.com/manage/s/article/K000140919

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T13:23:45.422611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T13:23:51.078Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.4",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.9",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "20.2.1",
              "status": "affected",
              "version": "20.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next SPK",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.7.12",
              "status": "affected",
              "version": "1.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next CNF",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-05-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Improper Resource Shutdown or Release",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T22:04:07.220Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000137709"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SCTP Vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-41399",
    "datePublished": "2025-05-07T22:04:07.220Z",
    "dateReserved": "2025-04-23T22:28:26.313Z",
    "dateUpdated": "2025-05-08T13:23:51.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36504 (GCVE-0-2025-36504)

Vulnerability from nvd

Published

2025-05-07 22:04

Modified

2025-05-08 13:05

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Patch: 17.5.0   < *
Version: 17.1.0   < 17.1.2
Version: 16.1.0   < 16.1.6
Patch: 15.1.0   < *

F5	BIG-IP Next	Version: 20.2.0 < 20.3.0
F5	BIG-IP Next SPK	Version: 1.8.0 < 2.0.0 Version: 1.7.0 < *
F5	BIG-IP Next CNF	Version: 1.1.0 < 1.4.0 Version: 1.1.0 < *

Show details on NVD website

https://my.f5.com/manage/s/article/K000134888

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36504",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T13:05:22.215826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T13:05:39.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.6",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "20.3.0",
              "status": "affected",
              "version": "20.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next SPK",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "1.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BIG-IP Next CNF",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.4.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-05-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T22:04:09.881Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000140919"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP HTTP/2 vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-36504",
    "datePublished": "2025-05-07T22:04:09.881Z",
    "dateReserved": "2025-04-23T22:28:26.359Z",
    "dateUpdated": "2025-05-08T13:05:39.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-21087 (GCVE-0-2025-21087)

Vulnerability from nvd

Published

2025-02-05 17:30

Modified

2025-02-05 18:24

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.9 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Version: 17.1.0   < 17.1.2
Version: 16.1.0   < *
Version: 15.1.0   < *

BIG-IP Next

Version: 20.0.0 < 20.1.0

Show details on NVD website

https://my.f5.com/manage/s/article/K000152001

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21087",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:24:07.850966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T18:24:18.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "17.1.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-16.1.5.2.0.7.5-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "BIG-IP Next",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "20.1.0",
              "status": "affected",
              "version": "20.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-02-05T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "value": "When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-05T17:30:59.689Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000134888"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "TMM Vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-21087",
    "datePublished": "2025-02-05T17:30:59.689Z",
    "dateReserved": "2025-01-22T00:16:50.240Z",
    "dateUpdated": "2025-02-05T18:24:18.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54500 (GCVE-0-2025-54500)

Vulnerability from cvelistv5

Published

2025-08-13 14:46

Modified

2025-11-03 20:06

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Version: 17.5.0   < *
Version: 17.1.0   < *
Version: 16.1.0   < *
Version: 15.1.0   < *

F5	BIG-IP Next	Version: 20.3.0 < *
F5	BIG-IP Next SPK	Version: 2.0.0 < * Version: 1.7.0 < *
F5	BIG-IP Next CNF	Version: 2.0.0 < * Version: 1.1.0 < *
F5	BIG-IP Next for Kubernetes	Version: 2.0.0 < *

Show details on NVD website