Forum Discussion
F5 Patches Several Critical Vulnerabilities in BIG-IP, BIG-IQ
On March 10, F5 published a security advisory to address seven vulnerabilities, including four critical flaws in BIG-IP and BIG-IQ. The most severe, CVE-2021-22986, is a remote command execution vulnerability in the BIG-IP and BIG-IQ iControl REST API that can be exploited by an unauthenticated, remote attacker.
Last summer, F5 patched CVE-2020-5902, a critical vulnerability in the BIG-IP Traffic Management User Interface (TMUI) that was quickly exploited by attackers soon after it was disclosed. We anticipate that CVE-2021-22986 will also become favored by attackers in due time.
For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.