High Threat Security Alert (A26-01-11): Multiple Vulnerabilities in F5 Products

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 products. The details about the vulnerabilities can be found at the following website:
https://my.f5.com/manage/s/article/K000157317
https://my.f5.com/manage/s/article/K000157334
https://my.f5.com/manage/s/article/K000159546

Reports indicate that the proof-of-concept (PoC) code for the tampering vulnerability (CVE-2025-40778) in F5 BIG-IP (DNS, Link Controller) is publicly available. An unauthenticated attacker may exploit the vulnerability to inject forged data into the cache. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• BIG-IP (DNS, Link Controller) versions 15.1.0 - 15.1.10
• BIG-IP (DNS, Link Controller) versions 16.1.0 - 16.1.6
• BIG-IP (DNS, Link Controller) versions 17.1.0 - 17.1.3
• BIG-IP (DNS, Link Controller) versions 17.5.0 - 17.5.1
• BIG-IP (DNS, Link Controller) versions 21.0.0
• F5OS-A version 1.5.1 - 1.5.4
• F5OS-A version 1.8.0 - 1.8.3
• F5OS-C version 1.6.0 - 1.6.4
• F5OS-C version 1.8.0 - 1.8.2

Impact:

Successful exploitation of the vulnerabilities could lead to denial of service, information disclosure or tampering on an affected system.

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

More Information:

• https://my.f5.com/manage/s/article/K000157317
• https://my.f5.com/manage/s/article/K000157334
• https://my.f5.com/manage/s/article/K000159546
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8677
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40778