Description:
F5 has published security advisories to address multiple vulnerabilities in F5 products. The details about the vulnerabilities can be found at the following websites:
https://my.f5.com/manage/s/article/K000141436
https://my.f5.com/manage/s/article/K000151546
https://my.f5.com/manage/s/article/K000151782
https://my.f5.com/manage/s/article/K000152001
Affected Systems:
- APM Clients version 7.2.5
- BIG-IP versions 15.1.0 - 15.1.10
- BIG-IP versions 16.1.0 - 16.1.6
- BIG-IP versions 17.1.0 - 17.1.2
- BIG-IP versions 17.5.0 - 17.5.1
- BIG-IP Next version 20.3.0
- BIG-IP Next CNF versions 1.1.0 - 1.4.1
- BIG-IP Next CNF versions 2.0.0 - 2.0.2
- BIG-IP Next SPK versions 1.7.0 - 1.9.2
- BIG-IP Next SPK versions 2.0.0 - 2.2.2
- BIG-IP Next for Kubernetes version 2.0.0
Impact:
Successful exploitation of the vulnerabilities could lead to denial of service or elevation of privilege on an affected system.
Recommendation:
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. Consult the product vendor for fixes and assistance.
More Information:
- https://my.f5.com/manage/s/article/K000141436
- https://my.f5.com/manage/s/article/K000151546
- https://my.f5.com/manage/s/article/K000151782
- https://my.f5.com/manage/s/article/K000152001
- https://www.hkcert.org/security-bulletin/f5-big-ip-multiple-vulnerabilities_20250814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46405
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48500
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52585
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54500