MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-61958

🔴 HIGH

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG...

Published
Oct 15, 2025
Last Modified
Oct 21, 2025
Views
8
Bookmarks
0

Description

Request Expert Review

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products (21)

f5 - big-ip_access_policy_manager

Version: *

f5 - big-ip_advanced_firewall_manager

Version: *

f5 - big-ip_advanced_web_application_firewall

Version: *

f5 - big-ip_analytics

Version: *

f5 - big-ip_application_acceleration_manager

Version: *

f5 - big-ip_application_security_manager

Version: *

f5 - big-ip_application_visibility_and_reporting

Version: *

f5 - big-ip_automation_toolchain

Version: *

f5 - big-ip_carrier-grade_nat

Version: *

f5 - big-ip_container_ingress_services

Version: *

f5 - big-ip_ddos_hybrid_defender

Version: *

f5 - big-ip_domain_name_system

Version: *

f5 - big-ip_edge_gateway

Version: *

f5 - big-ip_fraud_protection_service

Version: *

f5 - big-ip_global_traffic_manager

Version: *

f5 - big-ip_link_controller

Version: *

f5 - big-ip_local_traffic_manager

Version: *

f5 - big-ip_policy_enforcement_manager

Version: *

f5 - big-ip_ssl_orchestrator

Version: *

f5 - big-ip_webaccelerator

Version: *

f5 - big-ip_websafe

Version: *

CVSS Scores

CVSS 3.1 8.7
8.7
HIGH
CVSS 2.0 8.7

References

my.f5.com

Additional Information

Source
f5sirt@f5.com
State
Analyzed

Related CVEs

CVE-2025-14029

MEDIUM

The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event...

Score: 5.3

CVE-2025-12825

MEDIUM

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the...

Score: 5.3

CVE-2025-12168

MEDIUM

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on...

Score: 4.3

CVE-2026-0820

MEDIUM

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing...

Score: 5.3

CVE-2026-0682

LOW

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient va...

Score: 2.2

CVE-2025-14463

MEDIUM

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This i...

Score: 5.3

Share CVE-2025-61958

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-61958 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis