{"vulnerability": "CVE-2025-31644", "sightings": [{"uuid": "dea4d969-0ca6-4298-b3eb-cb61ebf695f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnmxb6mz2l", "content": "", "creation_timestamp": "2025-05-08T00:26:17.071375Z"}, {"uuid": "112635b6-bcde-4db9-aaaa-bf6778746197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lomrb2mw5p2h", "content": "", "creation_timestamp": "2025-05-08T01:31:12.957467Z"}, {"uuid": "4dd9991e-e093-42d0-a3a6-9c38c5fa6ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/36371", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-31644: Command Injection in Appliance mode in F5 BIG-IP\nURL\uff1ahttps://github.com/mbadanoiu/CVE-2025-31644\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-11T08:34:39.000000Z"}, {"uuid": "dcb893db-ac8c-468f-967a-0f272ce05e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15443", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31644\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\ud83d\udccf Published: 2025-05-07T22:04:10.938Z\n\ud83d\udccf Modified: 2025-05-07T22:04:10.938Z\n\ud83d\udd17 References:\n1. https://my.f5.com/manage/s/article/K000148591", "creation_timestamp": "2025-05-07T22:23:00.000000Z"}, {"uuid": "e1e996bb-e911-42a6-99b7-7ff1f48d4825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/204", "content": "\ud83d\udea8 CVE-2025-31644: Command Injection in F5 BIG-IP (Appliance Mode) \ud83d\udea8\n\nA critical vulnerability has been discovered in F5 BIG-IP systems running in Appliance Mode via iControl REST and tmsh, allowing unauthenticated attackers to execute commands as root.\n\n\ud83d\udca5 This flaw leverages CWE-78: OS Command Injection. An attacker can chain this with management interface exposure to gain full control.\n\n\ud83d\udd25 Proof of Concept\n\ud83d\udc49 GitHub PoC\n\n\ud83d\udd0d Detection Queries\nHUNTER: product.name=\"F5 BIG-IP\"\nFOFA: product=\"f5-BIGIP\"\nShodan: title:\"Big-IP®-Redirect\" or http.favicon.hash:-335242539\n\n\n\ud83d\udcf0 References:\nF5 Official Advisory\nSecurityOnline Info\nCWE-78 Overview\n\n\ud83d\udd10 Mitigation:\n\ud83d\udc49\ud83c\udffb Disable Appliance Mode where not needed\n\ud83d\udc49\ud83c\udffb Restrict access to management interfaces\n\ud83d\udc49\ud83c\udffb Apply official patches ASAP\n\n\u26a1\ufe0f Join us for daily threat updates, CVEs, PoCs, and hunting tools \ud83d\udc47\n\ud83d\udcf2 @cybersecplayground\n\n\ud83d\udc4d Dont Forget to Like | \ud83d\udd01 Share | \ud83d\udce1 Hunt smart!\n\n#hunterhow  #infosec  #infosecurity  #OSINT  #Vulnerability  #bugbountytips  #F5  #BIGIP  #CVE2025_31644", "creation_timestamp": "2025-05-14T18:38:05.000000Z"}, {"uuid": "c542b4af-a7cf-40c9-a582-180d2a845e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomkcxrvqak2", "content": "", "creation_timestamp": "2025-05-07T23:30:25.967919Z"}, {"uuid": "d7f72fef-8263-4be7-be35-ecdfd75ecfc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbvtnra22", "content": "", "creation_timestamp": "2025-08-03T21:02:45.730317Z"}, {"uuid": "7ae0b676-0534-4473-b4c0-99a0b7031d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31644", "type": "seen", "source": "https://t.me/cvedetector/24776", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31644 - F5 BIG-IP Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31644 \nPublished : May 7, 2025, 10:15 p.m. | 29\u00a0minutes ago \nDescription : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T00:52:51.000000Z"}]}