CVE-2025-59483
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: F5 Networks
Description
Description
A validation vulnerability exists in an undisclosed URL in the Configuration utility.Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | big-ip_advanced_firewall_manager | From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc) |
| f5 | big-ip_advanced_firewall_manager | From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc) |
| f5 | big-ip_advanced_firewall_manager | From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc) |
| f5 | big-ip_access_policy_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_advanced_web_application_firewall | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_analytics | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_application_acceleration_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_application_security_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_application_visibility_and_reporting | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_automation_toolchain | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_carrier-grade_nat | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_container_ingress_services | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_ddos_hybrid_defender | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_domain_name_system | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_edge_gateway | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_fraud_protection_service | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_global_traffic_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_link_controller | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_local_traffic_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_policy_enforcement_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_ssl_orchestrator | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_webaccelerator | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_websafe | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_access_policy_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_advanced_web_application_firewall | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_analytics | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_application_acceleration_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_application_security_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_application_visibility_and_reporting | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_automation_toolchain | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_carrier-grade_nat | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_container_ingress_services | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_ddos_hybrid_defender | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_domain_name_system | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_edge_gateway | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_fraud_protection_service | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_global_traffic_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_link_controller | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_local_traffic_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_policy_enforcement_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_ssl_orchestrator | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_webaccelerator | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_websafe | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_access_policy_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_access_policy_manager | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_advanced_firewall_manager | From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc) |
| f5 | big-ip_advanced_web_application_firewall | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_advanced_web_application_firewall | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_analytics | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_analytics | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_application_acceleration_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_application_acceleration_manager | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_application_security_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_application_security_manager | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_application_visibility_and_reporting | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_application_visibility_and_reporting | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_automation_toolchain | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_automation_toolchain | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_carrier-grade_nat | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_carrier-grade_nat | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_container_ingress_services | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_container_ingress_services | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_ddos_hybrid_defender | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_ddos_hybrid_defender | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_domain_name_system | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_domain_name_system | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_edge_gateway | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_edge_gateway | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_fraud_protection_service | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_fraud_protection_service | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_global_traffic_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_link_controller | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_link_controller | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_local_traffic_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_local_traffic_manager | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_policy_enforcement_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_policy_enforcement_manager | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_ssl_orchestrator | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_ssl_orchestrator | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_webaccelerator | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_webaccelerator | From 17.5.0 (inc) to 17.5.1 (inc) |
| f5 | big-ip_websafe | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_websafe | From 17.5.0 (inc) to 17.5.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a validation issue in an undisclosed URL within the Configuration utility of the affected software. It means that the software does not properly validate certain inputs or requests, which could potentially be exploited.
How can this vulnerability impact me? :
The vulnerability has a CVSS v3.1 base score of 6.5 and v4.0 base score of 8.5, indicating a high severity. It can lead to high impact on confidentiality and integrity, meaning sensitive information could be exposed or altered by an attacker with high privileges over the network, without user interaction. Availability is not affected.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70