CVE-2025-23239

{"id": "CVE-2025-23239", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-05T18:15:31.373", "references": [{"url": "https://my.f5.com/manage/s/article/K000138757", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "Cuando se ejecuta en modo de dispositivo, existe una vulnerabilidad de inyecci\u00f3n de comandos remotos autenticados en un endpoint REST de iControl no revelado. Una explotaci\u00f3n exitosa puede permitir que el atacante cruce un l\u00edmite de seguridad. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."}], "lastModified": "2025-08-06T16:23:09.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B174875C-196E-4498-8B9D-920DCC437A9D"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C0D584-36AD-43FF-BB2B-5D23E58F86A6"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04CA832A-0B44-4ED3-982C-64383EAD2CA4"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CC6C0B1-3A80-4D8C-8CFC-B921A4572B0B"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE41667C-F5FE-48F9-9555-EE191618E890"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46A89A92-1E58-49B4-9A09-97D5D1D1BFE3"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED059F5-6FCB-40AB-A72B-8042075C2DFD"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FFD39E-D450-4CFE-A349-5D296CB4D937"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA40288B-D088-4C4B-A848-C289FAC20764"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92FF1ECD-F7B7-4618-BF7F-769B58B4BF7C"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54FC4AB6-825A-418E-A625-F76602A4B57B"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}