Which versions of Big Ip Advanced Web Application Firewall are affected by CVE-2025-20029?

CVE-2025-20029 presents significant security risk, a OS command injection vulnerability rated CVSS 8.7.

How to fix or mitigate CVE-2025-20029?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Big Ip Advanced Web Application Firewall CVE-2025-20029

Q: What is the CVSS score of CVE-2025-20029?

CVE-2025-20029 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 66.2%.

HIGH

OS Command Injection (CWE-78)

2025-02-05 f5sirt@f5.com

Command Injection Big Ip Advanced Web Application Firewall Big Ip Application Security Manager Big Ip Container Ingress Services Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager Big Ip Application Visibility And Reporting Big Ip Automation Toolchain Big Ip Carrier Grade Nat Big Ip Ddos Hybrid Defender Big Ip Domain Name System Big Ip Edge Gateway Big Ip Fraud Protection Service Big Ip Global Traffic Manager Big Ip Link Controller Big Ip Local Traffic Manager Big Ip Policy Enforcement Manager Big Ip Ssl Orchestrator Big Ip Webaccelerator Big Ip Websafe

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:25 vuln.today

CVE Published

Feb 05, 2025 - 18:15 nvd

HIGH 8.7

DescriptionNVD

Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authenticated attackers can inject system commands through crafted save operations, executing arbitrary code on the BIG-IP appliance which typically handles load balancing and SSL termination for critical application infrastructure.

Technical ContextAI

The tmsh save command processes user-supplied parameters without adequate sanitization before passing them to underlying system commands. An authenticated user with access to iControl REST or tmsh can inject shell metacharacters that execute arbitrary commands. BIG-IP appliances run a modified Linux OS and the exploitation context provides access to TLS private keys, configuration secrets, and network traffic.

RemediationAI

Apply the latest F5 security hotfix. Restrict iControl REST access to management networks only. Implement multi-factor authentication for BIG-IP admin access. Monitor tmsh command logs for unusual save operations. Rotate TLS certificates if compromise is suspected.

CVE-2025-20029 vulnerability details – vuln.today

Back

Big Ip Advanced Web Application Firewall CVE-2025-20029

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Big Ip Advanced Web Application Firewall CVE-2025-20029

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code