K000151008: Quarterly Security Notification (May 2025) https://my.f5.com/manage/s/article/K000151008

This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. ... You can find the details of each issue in the associated articles. ... You can watch the May 2025 Quarterly Security Notification (QSN) live briefing at 9:00 AM Pacific Time by DevCentral in the following video:

K000148591: Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644 https://my.f5.com/manage/s/article/K000148591

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands.

K5903: BIG-IP software support policy https://my.f5.com/manage/s/article/K5903

Note: The BIG-IP software support policy described in this article also applies to Virtual Edition (VE) releases of the software. ... Note: The F5 software support policy described in this article does not apply to the F5 BIG-IP Edge Client application software delivered through the Apple App Store or Android Market.

K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504 https://my.f5.com/manage/s/article/K000140919

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. ... System performance can degrade until the Traffic Management Microkernel (TMM) process is either forced to restart or is manually restarted.

K000149952: BIG-IP PEM vulnerability CVE-2025-35995 https://my.f5.com/manage/s/article/K000149952

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.

NGINX Reverse Proxy | NGINX Documentation https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/

This article describes the basic configuration of a proxy server. ... You will learn how to pass a request from NGINX to proxied servers over different protocols, modify client request headers that are sent to the proxied server, and configure buffering of responses coming from the proxied servers.

K000150598: BIG-IP APM PingAccess vulnerability CVE-2025-36525 https://my.f5.com/manage/s/article/K000150598

When a BIG-IP APM PingAccess profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ... Traffic is disrupted while the TMM process restarts.

K000150668: TMM vulnerability CVE-2025-41431 https://my.f5.com/manage/s/article/K000150668

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group.

K000140937: BIG-IP SIP ALG profile vulnerability CVE-2025-41433 https://my.f5.com/manage/s/article/K000140937

Traffic is disrupted while the TMM process restarts. ... This vulnerability allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. ... There is no control plane exposure; this is a data plane issue only.

K7727: License activation may be required before a software upgrade for BIG-IP https://my.f5.com/manage/s/article/K7727

K15365: License activation may be required prior to software upgrade for the BIG-IQ system ... After performing an upgrade to a new major or minor release, and upon booting into the new version, the BIG-IP licensing system needs to verify that the static license check date in your BIG-IP version against the service check date in the license file.