F5 Big-ip Next Service Proxy For Kubernetes — known CVE vulnerabilities
Every CVE whose affected-product data names F5 Big-ip Next Service Proxy For Kubernetes, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-40629 — CVSS 7.5 (high): When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client…
CVE-2023-40534 — CVSS 7.5 (high): When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST…
CVE-2025-48008 — CVSS 7.5 (high): When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond…
CVE-2025-58120 — CVSS 7.5 (high): When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
CVE-2025-60016 — CVSS 7.5 (high): When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher…
CVE-2025-61974 — CVSS 7.5 (high): When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization…
CVE-2025-61990 — CVSS 7.5 (high): When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to…
CVE-2026-40618 — CVSS 7.5 (high): When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on…
CVE-2023-45886 — CVSS 7.5 (high): The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update…
CVE-2024-23314 — CVSS 7.5 (high): When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to…
CVE-2025-22846 — CVSS 7.5 (high): When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic…
CVE-2025-36504 — CVSS 7.5 (high): When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource…
CVE-2025-36557 — CVSS 7.5 (high): When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic…
CVE-2025-41399 — CVSS 7.5 (high): When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in…
CVE-2025-41414 — CVSS 7.5 (high): When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software…
CVE-2025-46706 — CVSS 7.5 (high): When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory…
CVE-2023-45226 — CVSS 7.4 (high): The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow…
CVE-2025-54805 — CVSS 6.5 (medium): When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase…
CVE-2025-55670 — CVSS 6.5 (medium): On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic…
CVE-2024-41164 — CVSS 5.9 (medium): When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the…
CVE-2023-24594 — CVSS 5.3 (medium): When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource…
CVE-2025-54500 — CVSS 5.3 (medium): An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max…