Shodan
Vulnerabilities
Vulnerable Software
F5:  >> Big-Ip Access Policy Manager  >> 17.5.1.1  Security Vulnerabilities
CVE-2026-20732
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
2.3
EPSS Score
0.001
Published
2026-02-04
CVE-2025-61933
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-10-15
CVE-2025-61990
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-15
CVE-2025-61960
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-15
CVE-2025-53521
Known exploited
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
9.3
EPSS Score
0.075
Published
2025-10-15
CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-08-13
CVE-2025-48500
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved