{"vulnerability": "CVE-2025-3164", "sightings": [{"uuid": "c8eca60f-c8d2-4ff2-bb0b-891355964ac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodoekri2h", "content": "", "creation_timestamp": "2025-05-16T18:37:40.229578Z"}, {"uuid": "57060d26-895b-4261-8137-caa328faea81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31646", "type": "seen", "source": "https://infosec.place/objects/b38f90ed-eb7b-40df-aef1-28c64d275750", "content": "", "creation_timestamp": "2025-08-20T13:30:40.122945Z"}, {"uuid": "7ca7609e-4a57-4028-854e-75ffe998696a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31649", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5uklz5skg2q", "content": "", "creation_timestamp": "2025-11-18T01:11:16.356563Z"}, {"uuid": "475d1d7f-c4db-4621-9e10-919b5968b0bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31643", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbtzt233we2a", "content": "", "creation_timestamp": "2026-01-07T17:51:45.451098Z"}, {"uuid": "794591f3-d9f6-49c8-a243-530f2cd605b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31643", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbtzuyyvbl2u", "content": "", "creation_timestamp": "2026-01-07T17:52:52.380394Z"}, {"uuid": "2edc88d5-f91d-4218-baca-2a37063f62d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-31648", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mgagnks63c2e", "content": "", "creation_timestamp": "2026-03-04T13:54:07.467788Z"}, {"uuid": "e1e996bb-e911-42a6-99b7-7ff1f48d4825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/204", "content": "\ud83d\udea8 CVE-2025-31644: Command Injection in F5 BIG-IP (Appliance Mode) \ud83d\udea8\n\nA critical vulnerability has been discovered in F5 BIG-IP systems running in Appliance Mode via iControl REST and tmsh, allowing unauthenticated attackers to execute commands as root.\n\n\ud83d\udca5 This flaw leverages CWE-78: OS Command Injection. An attacker can chain this with management interface exposure to gain full control.\n\n\ud83d\udd25 Proof of Concept\n\ud83d\udc49 GitHub PoC\n\n\ud83d\udd0d Detection Queries\nHUNTER: product.name=\"F5 BIG-IP\"\nFOFA: product=\"f5-BIGIP\"\nShodan: title:\"Big-IP®-Redirect\" or http.favicon.hash:-335242539\n\n\n\ud83d\udcf0 References:\nF5 Official Advisory\nSecurityOnline Info\nCWE-78 Overview\n\n\ud83d\udd10 Mitigation:\n\ud83d\udc49\ud83c\udffb Disable Appliance Mode where not needed\n\ud83d\udc49\ud83c\udffb Restrict access to management interfaces\n\ud83d\udc49\ud83c\udffb Apply official patches ASAP\n\n\u26a1\ufe0f Join us for daily threat updates, CVEs, PoCs, and hunting tools \ud83d\udc47\n\ud83d\udcf2 @cybersecplayground\n\n\ud83d\udc4d Dont Forget to Like | \ud83d\udd01 Share | \ud83d\udce1 Hunt smart!\n\n#hunterhow  #infosec  #infosecurity  #OSINT  #Vulnerability  #bugbountytips  #F5  #BIGIP  #CVE2025_31644", "creation_timestamp": "2025-05-14T18:38:05.000000Z"}, {"uuid": "fe502fed-3df3-49eb-8a2c-be2408087aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3164", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwlvmucer2c", "content": "", "creation_timestamp": "2025-04-03T19:06:25.314164Z"}, {"uuid": "c542b4af-a7cf-40c9-a582-180d2a845e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomkcxrvqak2", "content": "", "creation_timestamp": "2025-05-07T23:30:25.967919Z"}, {"uuid": "dea4d969-0ca6-4298-b3eb-cb61ebf695f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnmxb6mz2l", "content": "", "creation_timestamp": "2025-05-08T00:26:17.071375Z"}, {"uuid": "112635b6-bcde-4db9-aaaa-bf6778746197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lomrb2mw5p2h", "content": "", "creation_timestamp": "2025-05-08T01:31:12.957467Z"}, {"uuid": "d7f72fef-8263-4be7-be35-ecdfd75ecfc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbvtnra22", "content": "", "creation_timestamp": "2025-08-03T21:02:45.730317Z"}, {"uuid": "273cb792-6c95-42e5-8345-d349dfa9c1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31642", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbsj64yrkh2e", "content": "", "creation_timestamp": "2026-01-07T03:21:06.951163Z"}, {"uuid": "183d1e13-350b-41be-807b-ee81a2ad94ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31642", "type": "seen", "source": "https://gist.github.com/Darkcrai86/539bbdc5db7e44287e59be0dab8f0d1d", "content": "", "creation_timestamp": "2026-01-07T07:56:35.000000Z"}, {"uuid": "6e30088c-7499-4e5d-acc6-fd030f86d176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31643", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbtnq7t27e2c", "content": "", "creation_timestamp": "2026-01-07T14:15:25.582664Z"}, {"uuid": "500c58fe-c2f0-4037-9aa6-0f4d418eb5ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31642", "type": "seen", "source": "Telegram/ibWxRtBUDvxV1OEiTTPvcqviWUN2uN5UEbzlca3jMyzNOqg", "content": "", "creation_timestamp": "2026-01-07T03:01:30.000000Z"}, {"uuid": "f56242eb-5bcc-4416-ae5a-addf66ab9806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3164", "type": "seen", "source": "https://t.me/cvedetector/21992", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3164 - Tencent Music Entertainment SuperSonic H2 Database Connection Handler Code Injection\", \n  \"Content\": \"CVE ID : CVE-2025-3164 \nPublished : April 3, 2025, 4:15 p.m. | 47\u00a0minutes ago \nDescription : A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T19:24:59.000000Z"}, {"uuid": "7ae0b676-0534-4473-b4c0-99a0b7031d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://t.me/cvedetector/24776", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31644 - F5 BIG-IP Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31644 \nPublished : May 7, 2025, 10:15 p.m. | 29\u00a0minutes ago \nDescription : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T00:52:51.000000Z"}, {"uuid": "1052cf0b-89b9-4367-b28a-5dbc082cf37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31640", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcodnjnbr2h", "content": "", "creation_timestamp": "2025-05-16T18:37:35.443246Z"}, {"uuid": "b35e092f-72d1-4d92-9677-38611b6340fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31649", "type": "seen", "source": "https://infosec.place/objects/c4fb9493-0d44-4262-9514-bf83eeef89f5", "content": "", "creation_timestamp": "2025-11-17T14:30:05.806689Z"}, {"uuid": "6bf8e4b2-7898-44e7-99c2-38af3c630298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31648", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "4dd9991e-e093-42d0-a3a6-9c38c5fa6ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/36371", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-31644: Command Injection in Appliance mode in F5 BIG-IP\nURL\uff1ahttps://github.com/mbadanoiu/CVE-2025-31644\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-11T08:34:39.000000Z"}, {"uuid": "dcb893db-ac8c-468f-967a-0f272ce05e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15443", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31644\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\ud83d\udccf Published: 2025-05-07T22:04:10.938Z\n\ud83d\udccf Modified: 2025-05-07T22:04:10.938Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000148591", "creation_timestamp": "2025-05-07T22:23:00.000000Z"}]}