ID:11389 - Exploit for OS Command Injection in BIG-IP - CVE-2025-20029

 

Published: May 9, 2025


Vulnerability identifier: #VU103717
Vulnerability risk: Low
CVE-ID: CVE-2025-20029
CWE-ID: CWE-78
Exploitation vector: Remote access
Vulnerable software:
BIG-IP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper input validation in TMOS Shell (tmsh). A remote user can execute arbitrary OS commands on the system and elevate privileges.



Remediation

Install updates from the vendor's website.