Skip to content
/ CVE-2025-20029 Public

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

20 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2025-20029

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
F5 - CVE-2025-20029.pdf
F5 - CVE-2025-20029.pdf
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

A command injection vulnerability exists in the F5 “tmsh” restricted CLI which allows an authenticated attacker to leverage the commands accessible by a low privilege user in order to bypass restrictions, inject arbitrary commands and obtain remote code execution as the “root” user on the target system.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials
  • The capability to send requests to the iControl REST component and/or the capability to execute tmsh commands

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

Topics

authenticated cve command-injection cves 0-day cve-2025-20029

Resources

Readme
Activity

Stars

20 stars

Watchers

1 watching

Forks

5 forks
Report repository