Most Exploited Internet-Facing Products

MEIFP

Back to Ranking

F5

Products: BIG-IP

107.5

Score

5

CVEs

3

Active

2

PoC

3

KEV

#20

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2025-53521	2025-10-15	9.3v4.0	ACTIVE		Low	None	YES	40.6	BIG-IP	When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-20029	2025-02-05	8.7v4.0	POC	—	Low	Low	no	0.0	BIG-IP	Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-45844	2024-10-16	8.6v4.0	POC	—	Low	High	no	0.0	BIG-IP	BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-46747	2023-10-26	9.8v3.1	ACTIVE		Low	None	YES	40.6	BIG-IP	Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) a
CVE-2023-46748	2023-10-26	8.8v3.1	ACTIVE		Low	Low	no	26.4	BIG-IP	An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software vers

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3