CVE-2025-61938
HIGHDescription
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Is your site exposed to CVE-2025-61938?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_security_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-61938? +
How severe is CVE-2025-61938? +
What products are affected by CVE-2025-61938? +
How do I check if I'm vulnerable to CVE-2025-61938? +
Related Vulnerabilities
Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged …
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows …
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access …
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from …
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors …