BIG-IP Appliance Mode iControl REST Vulnerability Bypass
Vulnerability
A vulnerability exists in BIG-IP systems running in Appliance mode, allowing an authenticated attacker with Administrator privileges to bypass Appliance mode restrictions. This could lead to unauthorized access to read and modify arbitrary system files. The issue is confined to the control plane, with no exposure in the data plane.
Impact
Exploitation of this vulnerability could allow an authenticated attacker with Administrator rights to bypass Appliance mode restrictions, potentially leading to unauthorized access and modification of system files.
Remediation
Users can upgrade to BIG-IP versions 17.5.1.6, 17.1.3.2, or 21.0.0.2, depending on their current version. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
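The following is an added example, not part of the original advisory or F5's tooling: a small triage script that compares an inventory of BIG-IP versions against the fixed releases listed above. It assumes each fixed release applies to devices on the same major.minor branch; the inventory, hostnames and status labels are constructed for illustration.

```python
# Added example: triage a device inventory against the fixed releases named above.
# Assumption: a fixed release applies to devices on the same major.minor branch.
FIXED = {(17, 5): (17, 5, 1, 6), (17, 1): (17, 1, 3, 2), (21, 0): (21, 0, 0, 2)}


def parse_version(text):
    """Turn '17.1.3.2' into (17, 1, 3, 2); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))  # pad so 17.1.3 compares as 17.1.3.0


def triage(version, appliance_mode):
    """Classify one device; returns (status, fixed_release_or_None)."""
    try:
        v = parse_version(version)
    except ValueError:
        return ("review-unparsed-version", None)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # The advisory names no fixed release for this branch: needs manual review.
        return ("review-branch-not-listed", None)
    fixed_str = ".".join(map(str, fixed))
    if v >= fixed:  # numeric tuple compare, so 17.5.1.10 sorts above 17.5.1.6
        return ("at-or-above-fixed", fixed_str)
    if not appliance_mode:
        # The advisory describes the issue for systems running in Appliance mode.
        return ("below-fixed-appliance-mode-off", fixed_str)
    return ("upgrade-required", fixed_str)


# Constructed inventory: (hostname, reported version, running in Appliance mode).
INVENTORY = [
    ("bigip-a.example.internal", "17.1.3", True),
    ("bigip-b.example.internal", "17.5.1.10", True),
    ("bigip-c.example.internal", "21.0.0", False),
    ("bigip-d.example.internal", "16.1.5", True),
]


def report(inventory=INVENTORY):
    return {host: triage(ver, mode) for host, ver, mode in inventory}


if __name__ == "__main__":
    for host, (status, fixed) in report().items():
        print(f"{host:26} {status:32} fixed={fixed}")
```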
