Skip to main content

One of the 13 high impact advisories addresses the command injection vulnerability CVE-2025-20029, which could lead to arbitrary system command execution

Threat ID:CC-4617
Threat Severity:Medium
Published:24 February 2025 1:31 PM

Summary

One of the 13 high impact advisories addresses the command injection vulnerability CVE-2025-20029, which could lead to arbitrary system command execution

Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

  • NGINX Plus
  • NGINX Open Source

Threat details

Proof-of-concept released for CVE-2025-20029

A proof-of-concept has been released for the vulnerability CVE-2025-20029. Exploitation is considered more likely.


Introduction

F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact.

One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 score 8.7 and could allow an authenticated attacker to execute arbitrary system commands.

Threat updates

   
24 Feb 2025 Cyber Alert updated to reflect the release of a proof-of-concept for CVE-2025-20029

Remediation advice

Affected organisations are strongly encouraged to review K000149540: Quarterly Security Notification (February 2025) and apply any relevant updates or mitigation.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2025-20029Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-23239When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-24320A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-21087When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
StatusPublished
CVE-2025-20045When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-22846When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-22891When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-24497When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-21091When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
StatusPublished
CVE-2025-20058When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
StatusPublished
CVE-2025-24326When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-23412When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
StatusPublished
CVE-2025-24312When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Last edited: 24 February 2025 1:31 pm

Back to top