F5 BIG-IP Configuration Utility Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in the dashboard of the F5 BIG-IP Configuration utility. This vulnerability allows remote, unauthenticated attackers to trick authenticated users into sending crafted requests, potentially leading to unauthorized creation, modification, or deletion of dashboard items.
Impact
Exploitation of this vulnerability could allow an attacker to manipulate the BIG-IP Configuration utility dashboard on behalf of an authenticated user, including creating, modifying, or deleting dashboard items.
Remediation
Users can upgrade to BIG-IP versions 17.5.1.4, 17.1.3.1, or any later version in the same branch. For more information, refer to the F5 BIG-IP hotfix and point release matrix.
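As an added example (not F5's code or part of the original advisory), the following script triages an inventory of BIG-IP version strings against the two fixed releases named above and lists every host not confirmed at or above the fix. The hostnames and inventory are constructed, and treating the first two version components as the branch is an assumption of this example.

```python
import re

# Fixed releases named in the advisory, keyed by branch (major, minor).
# Assumption of this example: the first two components identify the branch.
FIXED = {(17, 5): (17, 5, 1, 4), (17, 1): (17, 1, 3, 1)}

def parse_version(text):
    """Turn '17.1.3' or '17.5.1.4' into a 4-tuple, padding missing parts with 0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognized version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Classify one version string against the fixed release of its own branch."""
    v = parse_version(version)
    fix = FIXED.get(v[:2])
    if fix is None:
        # The advisory text names no fixed release for this branch.
        return "branch-not-listed"
    return "at-or-above-fix" if v >= fix else "below-fix"

def needs_upgrade(inventory):
    """Return {host: (version, status)} for every host not confirmed fixed."""
    report = {}
    for host, version in inventory.items():
        try:
            status = triage(version)
        except ValueError:
            status = "unparseable"
        if status != "at-or-above-fix":
            report[host] = (version, status)
    return report

# Constructed inventory for illustration only.
SAMPLE = {
    "bigip-a.example.net": "17.5.1.4",
    "bigip-b.example.net": "17.5.1.3",
    "bigip-c.example.net": "17.1.3",
    "bigip-d.example.net": "17.1.4",
    "bigip-e.example.net": "16.1.6",
    "bigip-f.example.net": "unknown",
}

if __name__ == "__main__":
    for host, (version, status) in sorted(needs_upgrade(SAMPLE).items()):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as `branch-not-listed` or `unparseable` need a manual check against the F5 hotfix and point release matrix.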
