F5 BIG-IP and BIG-IQ Directory Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

A directory traversal vulnerability has been identified in the F5 BIG-IP Configuration utility and is present in certain versions of BIG-IP through 17.5.1, 16.1.0 to 16.1.6, and 15.1.0 to 15.1.10. This vulnerability allows authenticated attackers to access files outside of the intended directories. The issue arises from improper neutralization of expression or command delimiters, enabling access to arbitrary files on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the system, potentially allowing for further attacks or information disclosure.

Remediation

Users can upgrade to BIG-IP versions 17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
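To triage an inventory against the fixed releases listed above, a version check such as the following can be used. This is an added example, not F5 tooling: the `host,version` input format, the hostnames, and the function names are assumptions, and it treats any release in a listed branch below that branch's fixed version as needing the upgrade. It compares version strings only and does not detect installed engineering hotfixes.

```python
import re

# Fixed releases from the Remediation section, keyed by major.minor branch.
FIXED = {
    (17, 5): (17, 5, 1, 3),
    (17, 1): (17, 1, 3),
    (16, 1): (16, 1, 6, 1),
    (15, 1): (15, 1, 10, 8),
}

def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def pad(version, width=4):
    """Pad with zeros so 17.1.3 and 17.1.3.0 compare as equal."""
    return version + (0,) * (width - len(version))

def triage(version_text):
    """Classify one version: fixed, upgrade, branch-not-listed, unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch has no fixed release on this page; needs manual review.
        return "branch-not-listed"
    return "fixed" if pad(version) >= pad(fixed) else "upgrade"

def triage_inventory(lines):
    """Map host -> status for 'host,version' lines (assumed format)."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = triage(version)
    return results

# Constructed sample inventory; hostnames are placeholders.
SAMPLE = ["# host,version", "ltm-a.example,16.1.6", "ltm-b.example,16.1.6.1",
          "ltm-c.example,15.1.10.7", "ltm-d.example,17.1.3",
          "ltm-e.example,14.1.5", "ltm-f.example,17.5.x"]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```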

Added: Oct 15, 2025, 2:36 PM
Updated: Oct 15, 2025, 2:36 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.