{"uuid": "e1e996bb-e911-42a6-99b7-7ff1f48d4825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/204", "content": "\ud83d\udea8 CVE-2025-31644: Command Injection in F5 BIG-IP (Appliance Mode) \ud83d\udea8\n\nA critical vulnerability has been discovered in F5 BIG-IP systems running in Appliance Mode via iControl REST and tmsh, allowing unauthenticated attackers to execute commands as root.\n\n\ud83d\udca5 This flaw leverages CWE-78: OS Command Injection. An attacker can chain this with management interface exposure to gain full control.\n\n\ud83d\udd25 Proof of Concept\n\ud83d\udc49 GitHub PoC\n\n\ud83d\udd0d Detection Queries\nHUNTER: product.name=\"F5 BIG-IP\"\nFOFA: product=\"f5-BIGIP\"\nShodan: title:\"Big-IP®-Redirect\" or http.favicon.hash:-335242539\n\n\n\ud83d\udcf0 References:\nF5 Official Advisory\nSecurityOnline Info\nCWE-78 Overview\n\n\ud83d\udd10 Mitigation:\n\ud83d\udc49\ud83c\udffb Disable Appliance Mode where not needed\n\ud83d\udc49\ud83c\udffb Restrict access to management interfaces\n\ud83d\udc49\ud83c\udffb Apply official patches ASAP\n\n\u26a1\ufe0f Join us for daily threat updates, CVEs, PoCs, and hunting tools \ud83d\udc47\n\ud83d\udcf2 @cybersecplayground\n\n\ud83d\udc4d Dont Forget to Like | \ud83d\udd01 Share | \ud83d\udce1 Hunt smart!\n\n#hunterhow  #infosec  #infosecurity  #OSINT  #Vulnerability  #bugbountytips  #F5  #BIGIP  #CVE2025_31644", "creation_timestamp": "2025-05-14T18:38:05.000000Z"}