F5 BIG-IP Access Policy Manager (APM)16.1.4.2

CPE Details

F5 BIG-IP Access Policy Manager (APM)16.1.4.2
f5
big-ip_access_policy_manager
16.1.4.2
2025-08-08
16h55 +00:00
2025-08-08
16h55 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.4.2:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

big-ip_access_policy_manager

Version

16.1.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-61990 2025-10-15 15h19 +00:00 When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.7
High
CVE-2025-61933 2025-10-15 15h19 +00:00 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
5.1
Medium
CVE-2025-58071 2025-10-15 15h19 +00:00 When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.7
High
CVE-2025-59483 2025-10-15 13h55 +00:00 A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.5
High
CVE-2025-59481 2025-10-15 13h55 +00:00 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.5
High
CVE-2025-61960 2025-10-15 13h55 +00:00 When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.7
High
CVE-2025-61958 2025-10-15 13h55 +00:00 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.5
High
CVE-2025-58096 2025-10-15 13h55 +00:00 When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.2
High
CVE-2025-61951 2025-10-15 13h55 +00:00 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.7
High
CVE-2025-58153 2025-10-15 13h55 +00:00 Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.2
High
CVE-2025-59269 2025-10-15 13h55 +00:00 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.4
High
CVE-2025-59268 2025-10-15 13h55 +00:00 On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
6.9
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.