Detections
Analytics

CVE-2025-59481

high

Description

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

https://my.f5.com/manage/s/article/K000156642

https://my.f5.com/manage/s/article/K000156572

Details

Source: Mitre, NVD

Published: 2025-10-15

Updated: 2025-10-16

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Severity: High

CVSS v4

Base Score: 8.5

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00051

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability Being Monitored