Vulnerabilities in F5

404 results
Vexday analysis

With 404 catalogued CVEs and an active exploitation rate 2.2 times above the overall average of the CISA KEV catalog, F5 products require extra attention when prioritizing fixes. The most critical highlight is CVE-2022-1388, with an EPSS score of 0.9996, indicating an extremely high probability of active exploitation, which makes it an immediate remediation priority. The presence of 8 CVEs with a public PoC and 9 of critical severity widens the exploitable risk surface, especially considering that 59 new vulnerabilities emerged in the last 90 days, signaling a notable pace of recent discoveries. The most common flaw type, CWE-476 (null pointer dereference), suggests opportunities for structural improvement in the secure development lifecycle, although confirmed exploitation tends to concentrate on access control and remote execution flaws.

CVE-2024-32761 | MEDIUM | BIG-IP TMM tenants on VELOS and rSeries vulnerability | EPSS 0.5%
CVE-2025-54500 | MEDIUM | HTTP/2 Vulnerability | EPSS 0.5%
CVE-2023-40537 | HIGH | Multi-blade VIPRION Configuration utility session cookie vulnerability | EPSS 0.5%
CVE-2023-38419 | MEDIUM | BIG-IP and BIG-IQ iControl SOAP vulnerability | EPSS 0.5%
CVE-2024-37028 | MEDIUM | BIG-IP Next Central Manager vulnerability | EPSS 0.4%
CVE-2022-33968 | LOW | BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968 | EPSS 0.4%
CVE-2022-32455 | HIGH | TMM vulnerability CVE-2022-32455 | EPSS 0.4%
CVE-2022-27659 | MEDIUM | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated a | EPSS 0.4%
CVE-2023-22657 | HIGH | F5OS vulnerability | EPSS 0.4%
CVE-2024-28889 | MEDIUM | BIG-IP SSL vulnerability | EPSS 0.4%
CVE-2022-27880 | MEDIUM | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists | EPSS 0.4%
CVE-2022-27662 | MEDIUM | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exi | EPSS 0.4%
CVE-2024-41164 | HIGH | BIG-IP MPTCP vulnerability | EPSS 0.4%
CVE-2023-43746 | HIGH | BIG-IP Appliance mode external monitor vulnerability | EPSS 0.4%
CVE-2022-26340 | MEDIUM | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior | EPSS 0.4%
CVE-2025-61974 | HIGH | BIG-IP SSL/TLS vulnerability | EPSS 0.4%
CVE-2025-21091 | HIGH | BIG-IP SNMP vulnerability | EPSS 0.4%
CVE-2022-35272 | HIGH | BIG-IP HTTP MRF vulnerability CVE-2022-35272 | EPSS 0.4%
CVE-2024-39809 | HIGH | BIG-IP Next Central Manager vulnerability | EPSS 0.4%
CVE-2025-53868 | HIGH | BIG-IP SCP and SFTP vulnerability | EPSS 0.4%