CVE-2025-41431 |
Description: When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-41414 |
Description: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.12%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-41399 |
Description: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-36557 |
Description: When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-36546 |
Description: On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode, access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability, they must obtain the root user's SSH private key.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (8.1) EPSS Score: 0.12%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-36525 |
Description: When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-36504 |
Description: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-35995 |
Description: When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.1%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-31644 |
Description: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (8.7) EPSS Score: 0.09%
May 7th, 2025 (about 1 month ago)
|
CVE-2024-24796 |
Description: Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.
CVSS: HIGH (8.2) EPSS Score: 0.24% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|