Skip to main content

Big Ip Next Central Manager

5 CVEs product

Monthly

CVE-2025-54500 MEDIUM PATCH This Month

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Big Ip Advanced Web Application Firewall Big Ip Application Security Manager Big Ip Container Ingress Services +24
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-41399 HIGH This Month

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager Big Ip Container Ingress Services Big Ip Access Policy Manager +20
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-36504 HIGH This Week

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager Big Ip Container Ingress Services Big Ip Access Policy Manager +20
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-24319 HIGH This Week

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Big Ip Next Central Manager
NVD
CVSS 4.0
7.1
EPSS
0.8%
CVE-2025-23413 MEDIUM This Month

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD
CVSS 4.0
6.7
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Big Ip Advanced Web Application Firewall +26
NVD
EPSS 1% CVSS 8.7
HIGH This Month

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager +22
NVD
EPSS 1% CVSS 8.7
HIGH This Week

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager +22
NVD
EPSS 1% CVSS 7.1
HIGH This Week

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Big Ip Next Central Manager
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy