High Threat Security Alert (A25-10-16): Multiple Vulnerabilities in F5 Products


 

Published on: 16 October 2025

Share on Facebook    Share on X   

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 products. The details about the vulnerabilities can be found at the following website:
https://my.f5.com/manage/s/article/K000156572

F5 reported that a recent security incident in F5 systems has led to the exposure of source code and undisclosed vulnerabilities, which might result in high risk of exploitation of vulnerabilities by a sophisticated threat activity. F5 has published security advisories and system administrators are advised to take immediate action to update your affected systems to mitigate the potential elevated risk of cyber attacks. For more details about the security incident, please take reference of the article from the website (https://my.f5.com/manage/s/article/K000154696).

 

Affected Systems:

  • APM Clients version 7.2.5
  • BIG-IP versions 15.1.0 - 15.1.10
  • BIG-IP versions 16.1.0 - 16.1.6
  • BIG-IP versions 17.1.0 - 17.1.2
  • BIG-IP versions 17.5.0 - 17.5.1
  • BIG-IP AFM version 15.1.0 - 15.1.10
  • BIG-IP AFM version 17.1.0 - 17.1.2
  • BIG-IP AFM version 17.5.0
  • BIG-IP APM version 15.1.0 - 15.1.10
  • BIG-IP APM version 16.1.0 - 16.1.6
  • BIG-IP APM version 17.1.0 - 17.1.2
  • BIG-IP APM version 17.5.0 - 17.5.1
  • BIG-IP ASM version 16.1.0 - 16.1.5
  • BIG-IP ASM version 17.1.0 - 17.1.2
  • BIG-IP Advanced WAF/ASM version 15.1.0 - 15.1.10
  • BIG-IP Advanced WAF/ASM version 16.1.0 - 16.1.6
  • BIG-IP Advanced WAF/ASM version 17.1.0 - 17.1.2
  • BIG-IP Advanced WAF/ASM version 17.5.0 - 17.5.1
  • BIG-IP Next CNF version 1.1.0 - 1.4.1
  • BIG-IP Next CNF version 2.0.0 - 2.1.0
  • BIG-IP Next SPK version 1.7.0 - 1.9.2
  • BIG-IP Next SPK version 2.0.0 - 2.0.2
  • BIG-IP Next for Kubernetes version 2.0.0 - 2.1.0
  • BIG-IP PEM version 15.1.0 - 15.1.10
  • BIG-IP PEM version 16.1.0 - 16.1.6
  • BIG-IP PEM version 17.1.0 - 17.1.2
  • BIG-IP PEM version 17.5.0
  • BIG-IP SSL Orchestrator version 15.1.0 - 15.1.10
  • BIG-IP SSL Orchestrator version 16.1.0 - 16.1.5
  • BIG-IP SSL Orchestrator version 17.1.0 - 17.1.2
  • BIG-IP SSL Orchestrator version 17.5.0
  • F5OS-A version 1.5.1 - 1.5.3
  • F5OS-A version 1.8.0 - 1.8.1
  • F5OS-C version 1.6.0 - 1.6.2
  • F5OS-C version 1.8.0 - 1.8.1
  • NGINX App Protect WAF version 4.5.0 - 4.6.0

    •  

    Impact:

    Successful exploitation of the vulnerabilities could lead to elevation of privilege, information disclosure, denial of service, security restriction bypass or tampering on an affected system.

     

    Recommendation:

    Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

     

    More Information:

    • https://my.f5.com/manage/s/article/K000154696
    • https://my.f5.com/manage/s/article/K000156572
    • https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities_20251016
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41430
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46706
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47148
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47150
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48008
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53474
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53521
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53856
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53860
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53868
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54479
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54755
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54805
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54854
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54858
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55036
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55669 (to CVE-2025-55670)
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57780
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58071
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58096
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58120
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58153
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58424
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58474
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59268 (to CVE-2025-59269)
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59478
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59481
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59483
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59778
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59781
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60013
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60015 (to CVE-2025-60016)
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61933
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61935
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61938
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61951
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61955
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61958
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61960
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61974
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61990


    Tag: F5 , BIG-IP , APM Clients
    Tags