F5 BIG-IQ iControl REST Arbitrary File Creation or Modification Vulnerability

Vulnerability

A vulnerability in F5 BIG-IQ Centralized Management versions 8.4.0 prior to 8.4.1 allows authenticated iControl REST users with low privileges to create or modify arbitrary files via an undisclosed iControl REST endpoint. The issue is confined to the control plane; the data plane is not exposed.

Impact

Exploitation of this vulnerability could enable an authenticated attacker with low privileges to remotely create or modify arbitrary files on the BIG-IQ file system.

Remediation

Users can upgrade to BIG-IQ version 8.4.1 to address this vulnerability. For those unable to upgrade immediately, access to the iControl REST interface can be restricted through self IP addresses or the management interface, limiting exposure to trusted networks or devices.

Added: May 13, 2026, 6:45 PM
Updated: May 13, 2026, 6:45 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.3
remediation: 7.9
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.