Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Amresh008's avatar
Amresh008
Icon for Nimbostratus rankNimbostratus
Jul 06, 2020

Community Question: K52145254: TMUI RCE vulnerability CVE-2020-5902

Editors Note: Authoritative answers for this CVE can be found at https://support.f5.com/csp/article/K52145254. -LZ.   This vulnerability was recently announced and steps were take as suggested (obv...
application delivery
big-ip
LTM
  • Amresh008's avatar
    Amresh008
    Icon for Nimbostratus rankNimbostratus
    Jul 07, 2020

    Samir, I have already gone through this document but this does not answer my query. One of my colleagues spoke to TAC and narrated me that as per TAC this vulnerability may allow (let's say an L1 engineer) with no actual rights to modify the services, can actually modify them.

    • nmb-AskF5's avatar
      nmb-AskF5
      Icon for Employee rankEmployee
      Jul 13, 2020

      This is noted in the official Security Advisory, as of last week:

       

      "Note: Authenticated users will still be able to exploit the vulnerability, independent of their privilege level."

       

      Please refer to the official Security Advisory on AskF5 linked above for more detail on how to install a point release to patch the vulnerability. Thanks!