Big IP Spk
by F5, Inc.
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61990 | 0.00 | — | 0.00 | Oct 15, 2025 | When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-61974 | 0.00 | — | 0.00 | Oct 15, 2025 | When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-58120 | 0.00 | — | 0.00 | Oct 15, 2025 | When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-54805 | 0.00 | — | 0.00 | Oct 15, 2025 | When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical… | |||
| CVE-2025-55670 | 0.00 | — | 0.00 | Oct 15, 2025 | On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-46706 | 0.00 | — | 0.00 | Oct 15, 2025 | When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-48008 | 0.00 | — | 0.00 | Oct 15, 2025 | When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of… | |||
| CVE-2025-60016 | 0.00 | — | 0.00 | Oct 15, 2025 | When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to… | |||
| CVE-2025-54500 | 0.00 | — | 0.00 | Aug 13, 2025 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not… | |||
| CVE-2025-36504 | 0.00 | — | 0.00 | May 7, 2025 | When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-41414 | 0.00 | — | 0.00 | May 7, 2025 | When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2025-36557 | 0.00 | — | 0.00 | May 7, 2025 | When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-41399 | 0.00 | — | 0.00 | May 7, 2025 | When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2025-22846 | 0.00 | — | 0.00 | Feb 5, 2025 | When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not… | |||
| CVE-2024-41164 | 0.00 | — | 0.00 | Aug 14, 2024 | When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not… | |||
| CVE-2024-23306 | 0.00 | — | 0.00 | Feb 14, 2024 | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2024-23314 | 0.00 | — | 0.01 | Feb 14, 2024 | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2023-45226 | 0.00 | — | 0.00 | Oct 10, 2023 | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only… | |||
| CVE-2023-40534 | 0.00 | — | 0.01 | Oct 10, 2023 | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions… | |||
| CVE-2023-24594 | 0.00 | — | 0.01 | May 3, 2023 | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
- CVE-2025-61990Oct 15, 2025risk 0.00cvss —epss 0.00
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-61974Oct 15, 2025risk 0.00cvss —epss 0.00
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-58120Oct 15, 2025risk 0.00cvss —epss 0.00
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-54805Oct 15, 2025risk 0.00cvss —epss 0.00
When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical…
- CVE-2025-55670Oct 15, 2025risk 0.00cvss —epss 0.00
On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-46706Oct 15, 2025risk 0.00cvss —epss 0.00
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-48008Oct 15, 2025risk 0.00cvss —epss 0.00
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of…
- CVE-2025-60016Oct 15, 2025risk 0.00cvss —epss 0.00
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to…
- CVE-2025-54500Aug 13, 2025risk 0.00cvss —epss 0.00
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not…
- CVE-2025-36504May 7, 2025risk 0.00cvss —epss 0.00
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-41414May 7, 2025risk 0.00cvss —epss 0.00
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2025-36557May 7, 2025risk 0.00cvss —epss 0.00
When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-41399May 7, 2025risk 0.00cvss —epss 0.00
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-22846Feb 5, 2025risk 0.00cvss —epss 0.00
When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not…
- CVE-2024-41164Aug 14, 2024risk 0.00cvss —epss 0.00
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not…
- CVE-2024-23306Feb 14, 2024risk 0.00cvss —epss 0.00
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2024-23314Feb 14, 2024risk 0.00cvss —epss 0.01
When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2023-45226Oct 10, 2023risk 0.00cvss —epss 0.00
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only…
- CVE-2023-40534Oct 10, 2023risk 0.00cvss —epss 0.01
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions…
- CVE-2023-24594May 3, 2023risk 0.00cvss —epss 0.01
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Page 1 of 2