CVE-2025-23239
Published: 05 February 2025
Description
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Security Summary
CVE-2025-23239 is an authenticated remote command injection vulnerability (CWE-77) affecting an undisclosed iControl REST endpoint in F5 BIG-IP systems when running in Appliance mode. It requires the attacker to be logged in with a highly-privileged role. The vulnerability has a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, required high privileges, no user interaction, changed scope, and high impacts to confidentiality and integrity.
An attacker with a highly-privileged account can exploit this remotely by sending malicious input to the vulnerable iControl REST endpoint, enabling command injection. Successful exploitation allows the attacker to cross a security boundary, potentially leading to unauthorized access, data exfiltration, or system modification within the affected F5 environment.
The F5 security advisory at https://my.f5.com/manage/s/article/K000138757 provides details on affected versions, patches, and mitigation steps. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated for fixes.
Details
- CWE(s)