CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-53521(2)	High	19.2%	F5BIG-IP	F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.	Mar 27, 2026	KEV
CVE-2023-46748	High	4.3%	F5BIG-IP Configuration Utility	F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.	Oct 31, 2023	KEV
CVE-2023-46747	High	94.4%	F5BIG-IP Configuration Utility	F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.	Oct 31, 2023	KEV
CVE-2022-1388	High 9.8	94.5%	F5BIG-IP	F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.	May 10, 2022	KEVExploit
CVE-2021-22991	High	73.1%	F5BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.	Jan 18, 2022	KEV
CVE-2020-5902	High	94.4%	F5BIG-IP	F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.	Nov 3, 2021	KEV
CVE-2021-22986	High 9.8	94.5%	F5BIG-IP and BIG-IQ Centralized Management	F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.	Nov 3, 2021	KEVExploit

CVE-2025-53521KEV

High

F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.

F5EPSS 19.2%

CVE-2023-46748KEV

High

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

F5EPSS 4.3%

CVE-2023-46747KEV

High

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

F5EPSS 94.4%

CVE-2022-1388KEV

High

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

F5EPSS 73.1%

CVE-2020-5902KEV

High

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.

F5EPSS 94.4%

CVE-2021-22986KEV

High

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.

F5CVSS 9.8EPSS 94.5%

Exploit