{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T08:03:14.494","vulnerabilities":[{"cve":{"id":"CVE-2025-23239","sourceIdentifier":"f5sirt@f5.com","published":"2025-02-05T18:15:31.373","lastModified":"2026-02-04T17:47:11.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."},{"lang":"es","value":"Cuando se ejecuta en modo de dispositivo, existe una vulnerabilidad de inyección de comandos remotos autenticados en un endpoint REST de iControl no revelado. Una explotación exitosa puede permitir que el atacante cruce un límite de seguridad. Nota: Las versiones de software que han alcanzado el fin del soporte técnico (EoTS) no se evalúan."}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B174875C-196E-4498-8B9D-920DCC437A9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"80C0D584-36AD-43FF-BB2B-5D23E58F86A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"04CA832A-0B44-4ED3-982C-64383EAD2CA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8CC6C0B1-3A80-4D8C-8CFC-B921A4572B0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE41667C-F5FE-48F9-9555-EE191618E890"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"46A89A92-1E58-49B4-9A09-97D5D1D1BFE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FED059F5-6FCB-40AB-A72B-8042075C2DFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A9FFD39E-D450-4CFE-A349-5D296CB4D937"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FA40288B-D088-4C4B-A848-C289FAC20764"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"92FF1ECD-F7B7-4618-BF7F-769B58B4BF7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.1:*:*:*:*:*:*:*","matchCriteriaId":"54FC4AB6-825A-418E-A625-F76602A4B57B"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000138757","source":"f5sirt@f5.com","tags":["Vendor Advisory"]}]}}]}