F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands

Classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), the flaw received a CVSS v3.1 score of 8.7 and a CVSS v4.0 score of 8.5, both rated as “High” severity. When exploited, this vulnerability allows attackers to manipulate command syntax to execute unintended operations with elevated privileges.

The vulnerability can only be exploited by attackers who have valid administrator credentials and network access to the affected iControl REST endpoint or local access to the affected tmsh command. While the attack surface is limited to authenticated users, the potential impact remains significant as it allows privileged users to execute commands beyond their intended authorization level. Security experts note that there is no data plane exposure, meaning the vulnerability is limited to the control plane only.

The exploit terminates the save command prematurely with the \}; sequence and then executes a system call via bash -c id to print the current user’s ID, confirming execution as root.

“As this attack is conducted by legitimate, authenticated administrator role users, there is no viable mitigation that also allows users access to the BIG-IP system. The only mitigation is to remove access for users who are not completely trusted,” F5 advised.

F5 has released patches for affected versions: 17.1.2.2, 16.1.6, and 15.1.10.7. Organizations are strongly advised to update to these patched versions immediately. Organizations using F5 BIG-IP should immediately assess their exposure and implement the necessary patches or mitigations to safeguard their environments against this critical vulnerability.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 13 May 2025 08:55:09 +0000

