CVE-2025-20029 PoC — F5 iControl REST和F5 BIG-IP TMOS Shell 操作系统命令注入漏洞

Source

https://github.com/mbadanoiu/CVE-2025-20029

Associated Vulnerability

Title:F5 iControl REST和F5 BIG-IP TMOS Shell 操作系统命令注入漏洞 (CVE-2025-20029)
Description:F5 iControl REST和F5 BIG-IP TMOS Shell都是美国F5公司的产品。F5 iControl REST是一个开发框架。F5 BIG-IP TMOS Shell是一个命令行。 F5 iControl REST和F5 BIG-IP TMOS Shell存在操作系统命令注入漏洞，该漏洞源于存在命令注入漏洞，允许经过身份验证的攻击者执行任意系统命令。

Description

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

Readme

# CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP

A command injection vulnerability exists in the F5 “tmsh” restricted CLI which allows an authenticated attacker to leverage the commands accessible by a low privilege user in order to bypass restrictions, inject arbitrary commands and obtain remote code execution as the “root” user on the target system.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://my.f5.com/manage/s/article/K000148587).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials
- The capability to send requests to the iControl REST component and/or the capability to execute tmsh commands

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2025-20029/blob/main/F5%20-%20CVE-2025-20029.pdf).

File Snapshot


 [4.0K]  /data/pocs/d4e36314d0e2924f0e9dd241f92ab71448593eb9
├── [316K]  F5 - CVE-2025-20029.pdf
└── [ 892]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!