AI description
CVE-2025-31644 is a command injection vulnerability affecting F5 BIG-IP products when running in Appliance mode. It exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command. An authenticated attacker with administrator role privileges could exploit this vulnerability to execute arbitrary system commands. Successful exploitation allows the attacker to bypass Appliance mode security and cross security boundaries.
- Description
- When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- Source
- f5sirt@f5.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 8.7
- Impact score
- 5.8
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
- Severity
- HIGH
- f5sirt@f5.com
- CWE-77
- Hype score
- Not currently trending
CVE-2025-31644: Command Injection in Appliance mode in F5 BIG-IP https://t.co/hULIOF9bwT
@momika233
14 May 2025
4580 Impressions
18 Retweets
79 Likes
19 Bookmarks
1 Reply
0 Quotes
🚀🔒 @F5 BIG-IP: Command Injection Vulnerability #cyber_security_highlights 💡 Overview: F5 Networks has disclosed a critical command-injection flaw (CVE-2025-
@MahRabie
13 May 2025
31 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode, allowing attackers to bypass that mode's security restrictions. https://t.co/x88IE2EVmw
@cert_ist
13 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31644: Command Injection in F5 BIG-IP, 8.7 rating❗️ Vuln in the "file" param of the "save" command allows authenticated attackers to execute arbitrary commands. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/CgBDCmOaT9 #cybersecurity #vulnerability_ma
@Netlas_io
13 May 2025
70 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-31644 Exploit Grants Root Access on F5 BIG-IP via Appliance Mode Command Injection 🔥PoC: https://t.co/CYVqpmjLj7 🎯2.7m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/pTLpgAh0HY FOFA Query:app="f5-BIGIP" https:
@fofabot
13 May 2025
1862 Impressions
6 Retweets
18 Likes
8 Bookmarks
0 Replies
0 Quotes
Command injection in Appliance mode in F5 BIG-IP CVE-2025-31644 https://t.co/pwgiP5KY3p https://t.co/MO80AUqZC9
@elhackernet
13 May 2025
1979 Impressions
4 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - mbadanoiu/CVE-2025-31644: CVE-2025-31644: Command Injection in Appliance mode in F5 BIG-IP - https://t.co/IVxKcRrXCD
@piedpiper1616
13 May 2025
2211 Impressions
19 Retweets
46 Likes
17 Bookmarks
0 Replies
0 Quotes
PoC Released: CVE-2025-31644 Exploit Grants Root Access on F5 BIG-IP via Appliance Mode Command Injection https://t.co/Vvh3GaO4nW
@Dinosn
13 May 2025
9901 Impressions
52 Retweets
148 Likes
44 Bookmarks
2 Replies
2 Quotes
⚡️The vulnerability details are now available: https://t.co/s0v5FNvZWi 🚨🚨CVE-2025-31644 (CVSS 8.7) exposes a serious exploit for F5 BIG-IP! Authenticated admins can exploit a command injection flaw in Appliance Mode to gain ROOT ACCESS and cross security boundaries.
@zoomeye_team
13 May 2025
1253 Impressions
7 Retweets
18 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-31644 : Appliance mode BIG-IP iControl REST and tmsh vulnerability 🔥PoC : https://t.co/yY4dk64OYw 🧐Learn More: https://t.co/AAPG04LEGf 📊3.2M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/x7B0YPZ6Wf 👇Quer
@HunterMapping
13 May 2025
5000 Impressions
43 Retweets
95 Likes
36 Bookmarks
0 Replies
1 Quote
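A serious vulnerability has been discovered in F5's BIG-IP systems (Appliance mode) (CVE-2025-31644). Through the iControl REST API and the TMSH CLI, an administrator may be able to execute arbitrary bash commands and gain root privileges.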
@yousukezan
13 May 2025
612 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC Released: CVE-2025-31644 Exploit Grants Root Access on F5 BIG-IP via Appliance Mode Command Injection https://t.co/vLFee5JcrG
@the_yellow_fall
13 May 2025
1494 Impressions
11 Retweets
25 Likes
8 Bookmarks
0 Replies
1 Quote
⚠️Vulnerabilities identified in F5 products ❗CVE-2025-46265 ❗CVE-2025-31644 ❗CVE-2025-36546 ➡️More info: https://t.co/qE4ixwva7b https://t.co/TgbB3oAUuw
@CERTpy
12 May 2025
217 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-31644 🔴 HIGH (8.7) 🏢 F5 - BIG-IP 🏗️ 17.5.0 🔗 https://t.co/dAvIccDWsE #CyberCron #VulnAlert #InfoSec https://t.co/CEjya4quVp
@cybercronai
8 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes