Command Injection Vulnerability in F5 BIG-IP Products
CVE-2025-31644
What is CVE-2025-31644?
CVE-2025-31644 is a command injection vulnerability in F5 BIG-IP products that applies when the device is running in Appliance mode. F5 BIG-IP is a suite of application delivery services that manages traffic across applications, optimizing performance and enhancing security. The vulnerability permits an authenticated attacker with administrator privileges to execute arbitrary system commands through an undisclosed command in the iControl REST API and the BIG-IP TMOS Shell (tmsh). Appliance mode is intended to limit what even an administrator can do on the underlying system, so this flaw lets such an attacker cross that security boundary, potentially leading to serious consequences for the organization's network and data integrity.
Potential Impact of CVE-2025-31644
- Unauthorized Command Execution: The vulnerability allows attackers to run arbitrary commands, which could lead to unauthorized access to sensitive system functions and data. This capability poses a significant risk of data exfiltration and manipulation.
- System Compromise: Exploiting this vulnerability could allow attackers to gain control over the affected systems, enabling them to install malware, alter configurations, or disrupt services, which can have severe operational consequences for organizations.
- Segmentation Breach: By bypassing security boundaries, an attacker can traverse network segments and gain access to other critical systems within an organization. This lateral movement can facilitate further attacks or the deployment of ransomware, amplifying the overall impact of the initial breach.
Affected Version(s)
BIG-IP 17.1.0 < 17.1.2.2
BIG-IP 16.1.0 < 16.1.6
BIG-IP 15.1.0 < 15.1.10.7
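The affected ranges above are the data a defender actually acts on, so here is a small triage helper, added as an example for this page and not code from F5 or from the page's source, that checks a device inventory against those exact ranges. It assumes the page's "X < Y" notation means every version from X up to but not including Y is affected (the bound is read as the first version outside the range, not as a vendor-stated fixed version), that the Appliance-mode setting is already known for each device, and it uses a constructed inventory with made-up hostnames and versions.

```python
from __future__ import annotations

# Affected ranges exactly as listed on this page, written as [first, bound):
# every version v with first <= v < bound is affected. Reading the bound as the
# first version outside the affected range is an assumption taken from the
# "X < Y" notation used on the page, not a fixed-version claim from the vendor.
AFFECTED_RANGES = {
    "17.1": ("17.1.0", "17.1.2.2"),
    "16.1": ("16.1.0", "16.1.6"),
    "15.1": ("15.1.0", "15.1.10.7"),
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '17.1.2.2' into (17, 1, 2, 2).

    Non-numeric components are rejected so a malformed inventory entry fails
    loudly instead of silently being treated as unaffected."""
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"unexpected version component {piece!r} in {version!r}")
        parts.append(int(piece))
    if len(parts) < 2:
        raise ValueError(f"version {version!r} has no major.minor branch")
    return tuple(parts)


def in_affected_range(version: str) -> bool | None:
    """True/False when the version's branch is listed on the page, None when
    the branch is not listed at all (the page says nothing about it)."""
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    bounds = AFFECTED_RANGES.get(branch)
    if bounds is None:
        return None
    first, bound = (parse_version(b) for b in bounds)
    # Tuple comparison is lexicographic, and a shorter tuple that is a prefix
    # of a longer one sorts first, so (17, 1, 2) < (17, 1, 2, 2) as intended.
    return first <= v < bound


def classify(version: str, appliance_mode: bool) -> str:
    """Triage label for one device, from a defender's point of view."""
    hit = in_affected_range(version)
    if hit is None:
        return "branch_not_listed"
    if not hit:
        return "outside_affected_range"
    # The page states the flaw exists when the device runs in Appliance mode;
    # a device in the range with Appliance mode off still warrants patching.
    return "exposed" if appliance_mode else "in_range_not_appliance_mode"


# Constructed inventory for demonstration; hostnames and versions are made up.
INVENTORY = [
    {"host": "bigip-edge-01", "version": "17.1.1",    "appliance_mode": True},
    {"host": "bigip-edge-02", "version": "17.1.2.2",  "appliance_mode": True},
    {"host": "bigip-lab-01",  "version": "16.1.5",    "appliance_mode": False},
    {"host": "bigip-dc-01",   "version": "15.1.10.6", "appliance_mode": True},
    {"host": "bigip-dc-02",   "version": "14.1.5",    "appliance_mode": True},
]


def triage(inventory) -> dict[str, str]:
    """Map each hostname to its triage label."""
    return {d["host"]: classify(d["version"], d["appliance_mode"]) for d in inventory}


if __name__ == "__main__":
    for host, label in sorted(triage(INVENTORY).items()):
        print(f"{host:16} {label}")
```

A branch the page does not list (14.1 in the constructed inventory) is reported as `branch_not_listed` rather than as safe, because the page gives no information about it; treat such devices as needing a separate check against the vendor advisory.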
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles

CVE-2025-31644 Archive - ASEC

F5 Product Update Advisory (CVE-2025-31644) - ASEC
Overview: We have released security updates to fix vulnerabilities in F5 products. Users of affected products are advised to update to the latest version. Affected Products: CVE-2025-31644 BIG-IP (all modules) Versions: 17.1.0 and later to 17.1.2 and earlier; BIG-IP (all modules) Versions: 16.1...

CVE-2025-31644 : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which ma
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by CybersecurityNews
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved