Command Injection Vulnerability in F5 BIG-IP Products
CVE-2025-31644

CVSS Score: 8.5 (HIGH)

Key Information:

Vendor: F5

Status: Vendor

CVE Published: 7 May 2025

Badges

  • Score: 550
  • Exploit Exists
  • Public PoC
  • News Worthy

What is CVE-2025-31644?

CVE-2025-31644 is a command injection vulnerability identified in F5 BIG-IP products running in Appliance mode. F5 BIG-IP is a suite of application delivery services that manages traffic across applications, optimizing performance and enhancing security. The vulnerability permits an authenticated attacker with administrator privileges to execute arbitrary system commands through an undisclosed command in the iControl REST API and the BIG-IP TMOS Shell (tmsh). Because Appliance mode is intended to prevent even administrators from reaching the underlying operating system, this flaw lets an attacker cross that security boundary, potentially leading to serious consequences for the organization's network and data integrity.

Potential Impact of CVE-2025-31644

  1. Unauthorized Command Execution: The vulnerability allows attackers to run arbitrary commands, which could lead to unauthorized access to sensitive system functions and data. This capability poses a significant risk of data exfiltration and manipulation.

  2. System Compromise: Exploiting this vulnerability could allow attackers to gain control over the affected systems, enabling them to install malware, alter configurations, or disrupt services, which can have severe operational consequences for organizations.

  3. Segmentation Breach: By bypassing security boundaries, an attacker can traverse network segments and gain access to other critical systems within an organization. This lateral movement can facilitate further attacks or the deployment of ransomware, amplifying the overall impact of the initial breach.

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2.2

BIG-IP 16.1.0 < 16.1.6

BIG-IP 15.1.0 < 15.1.10.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands

F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode.


CVSS v4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • First article discovered by CybersecurityNews

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved

Credit

F5 acknowledges Matei "Mal" Badanoiu @ Deloitte for bringing this issue to our attention and following the highest standards of coordinated disclosure.