F5 Products Multiple Vulnerabilities

Release Date: 16 Oct 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, data manipulation, elevation of privilege, security restriction bypass, sensitive information disclosure and denial of service condition on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Elevation of Privilege
• Cross-Site Scripting
• Data Manipulation
• Security Restriction Bypass

---

System / Technologies affected

BIG-IP (all modules)

• version 17.5.0 - 17.5.1
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.6
• version 15.1.0 - 15.1.10

F5OS-A

• version 1.8.0 - 1.8.13
• version 1.5.1 - 1.5.3

F5OS-C

• version 1.8.0 - 1.8.1
• version 1.6.0 - 1.6.23

BIG-IP Next SPK

• version 2.0.0 - 2.0.2
• version 1.7.0 - 1.9.2

BIG-IP Next CNF

• version 2.0.0 - 2.1.0
• version 1.1.0 - 1.4.1

BIG-IP Next for Kubernetes

• version 2.0.0 - 2.1.0

BIG-IP SSL Orchestrator

• version 17.5.0
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.5
• version 15.1.0 - 15.1.10

BIG-IP ASM

• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.5

BIG-IP Advanced WAF/ASM

• version 17.5.0 - 17.5.1
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.6
• version 15.1.0 - 15.1.10

BIG-IP PEM

• version 17.5.0
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.6
• version 15.1.0 - 15.1.10

BIG-IP AFM

• version 17.5.0
• version 17.1.0 - 17.1.2
• version 15.1.0 - 15.1.10

BIG-IP APM

• version 17.5.0 - 17.5.1
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.6
• version 15.1.0 - 15.1.10

BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG

• version 17.5.0
• version 17.1.0 - 17.1.2
• version 16.1.0 - 16.1.6
• version 15.1.0 - 15.1.10

NGINX App Protect WAF

• version 4.5.0 - 4.6.0

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

• https://my.f5.com/manage/s/article/K000156572

---

Vulnerability Identifier

• CVE-2025-41430
• CVE-2025-46706
• CVE-2025-47148
• CVE-2025-47150
• CVE-2025-48008
• CVE-2025-53474
• CVE-2025-53521
• CVE-2025-53856
• CVE-2025-53860
• CVE-2025-53868
• CVE-2025-54479
• CVE-2025-54755
• CVE-2025-54805
• CVE-2025-54854
• CVE-2025-54858
• CVE-2025-55036
• CVE-2025-55669
• CVE-2025-55670
• CVE-2025-57780
• CVE-2025-58071
• CVE-2025-58096
• CVE-2025-58120
• CVE-2025-58153
• CVE-2025-58424
• CVE-2025-58474
• CVE-2025-59268
• CVE-2025-59269
• CVE-2025-59478
• CVE-2025-59481
• CVE-2025-59483
• CVE-2025-59778
• CVE-2025-59781
• CVE-2025-60013
• CVE-2025-60015
• CVE-2025-60016
• CVE-2025-61933
• CVE-2025-61935
• CVE-2025-61938
• CVE-2025-61951
• CVE-2025-61955
• CVE-2025-61958
• CVE-2025-61960
• CVE-2025-61974
• CVE-2025-61990

---

Source

• F5

---

Related Link

• https://my.f5.com/manage/s/article/K000156572