CVE-2025-54858 - F5 Big-ip Application Security Manager and F5 Big-ip Advanced Web Application Firewall

Critical 7.5

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected software

F5 Big-ip Application Security Manager

F5 Big-ip Advanced Web Application Firewall

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.