Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

rajeshgoud's avatar
rajeshgoud
Icon for Altostratus rankAltostratus
Sep 20, 2019

How to identify which iRule is vulnerable

https://support.f5.com/csp/article/K15650046   need help to generate an error in logs inase an iRule is idtefied to be vulnerable
application delivery
big-ip
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Sep 23, 2019

Hi Rajesh,

 

You can easily find this by running a load verify command.

 

#tmsh load sys config verify

 

When you run the above command, it will verify all the configuration files, it will particularly verify our bigip.conf file. And wherever it sees this behavior it will throw the below entries,

 

<irule_name>: warning: [use curly braces to avoid double substitution][<Part_of_ irule_in_question>]

 

It will tell you the Irule name along with the line in which it is affected. Hope this helps.

Also as explained in the article, not everything would be captured but most certainly will. As this is not a bug in the F5 or in the TCL. Its a recommendable coding practice I would say to avoid risks.