CVE-2025-36504 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Vendor	Product	Version
f5	big-ip_access_policy_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_advanced_firewall_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_advanced_web_application_firewall	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_analytics	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_application_acceleration_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_application_security_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_application_visibility_and_reporting	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_automation_toolchain	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_carrier-grade_nat	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_container_ingress_services	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_ddos_hybrid_defender	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_domain_name_system	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_edge_gateway	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_fraud_protection_service	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_global_traffic_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_link_controller	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_local_traffic_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_policy_enforcement_manager	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_ssl_orchestrator	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_webaccelerator	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_websafe	16.1.0 ≤ 𝑥 < 16.1.6
f5	big-ip_access_policy_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_advanced_firewall_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_advanced_web_application_firewall	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_analytics	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_application_acceleration_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_application_security_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_application_visibility_and_reporting	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_automation_toolchain	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_carrier-grade_nat	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_container_ingress_services	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_ddos_hybrid_defender	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_domain_name_system	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_edge_gateway	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_fraud_protection_service	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_global_traffic_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_link_controller	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_local_traffic_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_policy_enforcement_manager	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_ssl_orchestrator	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_webaccelerator	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_websafe	17.1.0 ≤ 𝑥 < 17.1.2
f5	big-ip_next_central_manager	20.2.0
f5	big-ip_next_central_manager	20.2.1
f5	big-ip_next_cloud-native_network_functions	1.1.0 ≤ 𝑥 ≤ 1.4.1
f5	big-ip_next_service_proxy_for_kubernetes	1.7.0 ≤ 𝑥 ≤ 1.9.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://my.f5.com/manage/s/article/K000140919