mbadanoiu/CVE-2025-20029

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

A command injection vulnerability exists in the F5 "tmsh" restricted CLI. It allows an authenticated attacker to leverage the commands accessible to a low-privilege user in order to bypass restrictions, inject arbitrary commands and obtain remote code execution as the "root" user on the target system.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials
  • The capability to send requests to the iControl REST component and/or the capability to execute tmsh commands

Proof Of Concept:

More details and the exploitation process can be found in this PDF.
