Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025021109020202 | Publication Time | 2025/02/11 09:55 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/02/11 09:55 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】F5 BIG-IP Security Vulnerability (CVE-2025-20029) – Immediate Mitigation Required |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202502-00000054 Security researchers have discovered an OS Command Injection vulnerability (CVE-2025-20029) in F5 BIG-IP. A remote attacker with standard user privileges can exploit this vulnerability to execute arbitrary operating system commands. Immediate verification and patching are strongly recommended. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Security researchers have discovered an OS Command Injection vulnerability (CVE-2025-20029) in F5 BIG-IP. A remote attacker with standard user privileges can exploit this vulnerability to execute arbitrary operating system commands. Immediate verification and patching are strongly recommended. |
|||
| [Recommended Actions] F5 has released security updates to address this vulnerability. Please refer to the official advisory at: https://my.f5.com/manage/s/article/K000148587 |
|||
| [Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-20029 2. https://my.f5.com/manage/s/article/K000148587 |
|||