F5 BIG-IP Appliance Mode Command Injection Vulnerability (CVE-2025-31844) Advisory

Critical Vulnerability Information Vulnerability Description CVE ID: CVE-2025-31844 Title: Appliance mode BIG-IP iControl REST and tmsh vulnerability Release Date: May 7, 2025 Update Date: May 7, 2025 Status: Final Security Advisory Description In Appliance mode, a command injection vulnerability exists that allows an authenticated attacker to execute arbitrary system commands with administrator privileges. Successful exploitation of this vulnerability could enable an attacker to cross security boundaries. Impact Affected Products: F5 Product Development has assessed the impact of this vulnerability on multiple versions of BIG-IP and F5OS products. CVE Classification: CWE-78: Improper Neutralization of Special Elements Used in an OS Command ('OS Command Injection') Security Status Affected Products: BIG-IP Next, BIG-IP Centralized Management, BIG-IP SPN, BIG-IP CNF, BIG-IP for Kubernetes, etc. Unaffected Products: BIG-IQ Next, BIG-IQ Centralized Management, NGINX Plus R26 and later versions, etc. Recommended Actions Apply Patches: Users running vulnerable versions should install the listed patches to remediate the vulnerability. Temporary Mitigations: Include blocking access to the iControl REST interface via self IP addresses, configuring firewall rules to restrict access to management interfaces, etc. Additional Information Related Documentation: Links are provided to detailed information on configuring firewall rules, using packet filtering features, etc.

Goal Reached Thanks to every supporter — we hit 100%!

F5 BIG-IP Appliance Mode Command Injection Vulnerability (CVE-2025-31844) Advisory