CVE-2025-23239

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000138757	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_domain_name_system:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.1:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.1:::::::*

History

No history.

Information

Published : 2025-02-05 18:15

Updated : 2025-11-07 16:16

NVD link : CVE-2025-23239

Mitre link : CVE-2025-23239

CVE.ORG link : CVE-2025-23239

JSON object : View

Products Affected

f5

big-ip_advanced_firewall_manager
big-ip_domain_name_system
big-ip_application_security_manager
big-ip_local_traffic_manager
big-ip_fraud_protection_service
big-ip_access_policy_manager
big-ip_application_acceleration_manager
big-ip_global_traffic_manager
big-ip_policy_enforcement_manager
big-ip_link_controller
big-ip_analytics

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2025-23239", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-05T18:15:31.373", "references": [{"url": "https://my.f5.com/manage/s/article/K000138757", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "Cuando se ejecuta en modo de dispositivo, existe una vulnerabilidad de inyecci\u00f3n de comandos remotos autenticados en un endpoint REST de iControl no revelado. Una explotaci\u00f3n exitosa puede permitir que el atacante cruce un l\u00edmite de seguridad. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."}], "lastModified": "2025-11-07T16:16:26.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B174875C-196E-4498-8B9D-920DCC437A9D"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C0D584-36AD-43FF-BB2B-5D23E58F86A6"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04CA832A-0B44-4ED3-982C-64383EAD2CA4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CC6C0B1-3A80-4D8C-8CFC-B921A4572B0B"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE41667C-F5FE-48F9-9555-EE191618E890"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46A89A92-1E58-49B4-9A09-97D5D1D1BFE3"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED059F5-6FCB-40AB-A72B-8042075C2DFD"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FFD39E-D450-4CFE-A349-5D296CB4D937"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA40288B-D088-4C4B-A848-C289FAC20764"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92FF1ECD-F7B7-4618-BF7F-769B58B4BF7C"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54FC4AB6-825A-418E-A625-F76602A4B57B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}