Command Injection Vulnerability in F5 BIG-IP Products
CVE-2025-31644

8.5HIGH

Key Information:

Vendor

F5
Status
Big-ip
Vendor
CVE Published:
7 May 2025

Badges

📈 Trended📈 Score: 2,420👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-31644?

CVE-2025-31644 is a command injection vulnerability identified in F5 BIG-IP products, particularly when they are operating in Appliance mode. F5 BIG-IP is a suite of application services that manage traffic across various applications, optimizing performance and enhancing security. The vulnerability permits an authenticated attacker with administrator privileges to execute arbitrary system commands through an undisclosed command in the iControl REST and BIG-IP TMOS Shell (tmsh). This flaw enables an attacker to breach the security boundary of the system, potentially leading to serious ramifications within the organization's network and data integrity.

Potential Impact of CVE-2025-31644

  1. Unauthorized Command Execution: The vulnerability allows attackers to run arbitrary commands, which could lead to unauthorized access to sensitive system functions and data. This capability poses a significant risk of data exfiltration and manipulation.

  2. System Compromise: Exploiting this vulnerability could allow attackers to gain control over the affected systems, enabling them to install malware, alter configurations, or disrupt services, which can have severe operational consequences for organizations.

  3. Segmentation Breach: By bypassing security boundaries, an attacker can traverse network segments and gain access to other critical systems within an organization. This lateral movement can facilitate further attacks or the deployment of ransomware, amplifying the overall impact of the initial breach.

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2.2

BIG-IP 16.1.0 < 16.1.6

BIG-IP 15.1.0 < 15.1.10.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-31644
Created by mbadanoiu

News Articles

favicon imageAhnLab

CVE-2025-31644 보관 - ASEC

MENU Threat Resources Malware Dark Web Vulnerabilities Phishing/Scam CERT Smishing EndPoint Mobile Networks APT Trend Daily Threats Security...

favicon imageAhnLab

F5 Product Update Advisory (CVE-2025-31644) - ASEC

Overview   We have released security updates to fix vulnerabilities in F5 products. Users of affected products are advised to update to the latest version.    Affected Products   CVE-2025-31644   BIG-IP (all modules) Versions: 17.1.0 and later to 17.1.2 and earlierBIG-IP (all modules) Versions: 16.1...

favicon imageCVEDetails

CVE-2025-31644 : When running in Appliance mode, a command injection vulnerability exists in an u

CVE-2025-31644 : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which ma

References

https://my.f5.com/manage/s/article/K000148591
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 📈

    Vulnerability started trending

  • 📰

    First article discovered by CybersecurityNews

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

F5 acknowledges Matei "Mal" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure.
.
CVE-2025-31644 : Command Injection Vulnerability in F5 BIG-IP Products