F5 BIG-IP Next Central Manager Kubernetes Service Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP Next Central Manager versions 20.2.0 to 20.2.1. When BIG-IP Next Central Manager is active, certain undisclosed requests to its API can lead to the termination of the Kubernetes service on the BIG-IP Next Central Manager Node. This issue affects only the control plane, with no exposure to the data plane.

Impact

Exploitation of this vulnerability can cause the BIG-IP Next Central Manager to become unavailable, disrupting management of Kubernetes services.

Remediation

Users can upgrade to BIG-IP Next Central Manager version 20.3.0 to address this vulnerability. For guidance on managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined to calculate the overall risk score.