CVE-2025-54858
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Software | From | Fixed in |
|---|---|---|
| f5 / big-ip_advanced_web_application_firewall | 15.1.0 | 15.1.10.8 |
| f5 / big-ip_advanced_web_application_firewall | 16.1.0 | 16.1.6.1 |
| f5 / big-ip_advanced_web_application_firewall | 17.1.0 | 17.1.3 |
| f5 / big-ip_advanced_web_application_firewall | 17.5.0 | 17.5.1.3 |
| f5 / big-ip_application_security_manager | 15.1.0 | 15.1.10.8 |
| f5 / big-ip_application_security_manager | 16.1.0 | 16.1.6.1 |
| f5 / big-ip_application_security_manager | 17.1.0 | 17.1.3 |
| f5 / big-ip_application_security_manager | 17.5.0 | 17.5.1.3 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime