CVE-2025-61938 - F5 Big-ip Application Security Manager and F5 Big-ip Advanced Web Application Firewall

Critical 7.5

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected software

F5 Big-ip Application Security Manager

F5 Big-ip Advanced Web Application Firewall

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.