CVE-2025-61935 HIGH

CVE-2025-61935: BIG-IP Advanced WAF and ASM vulnerability

Vendor F5

Product BIG-IP

Weakness CWE-252

Published October 15, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

October 15, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-61935

Related vulnerabilities

Identifiers

CVE CVE-2025-61935

CWE CWE-252

CVSS 7.5 / HIGH

Affected versions

Vendor F5

Product BIG-IP

Affected ≥ 17.5.0 and < 17.5.1

Vendor F5

Product BIG-IP

Affected ≥ 17.1.0 and < 17.1.3

Vendor F5

Product BIG-IP

Affected ≥ 15.1.0 and < 15.1.10.8

CVE-2025-61935: BIG-IP Advanced WAF and ASM vulnerability

01Description

02Disclosure timeline

03References

04Related CVE