{"uuid": "834a30cc-c06c-49b3-9157-eb77f711c73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "F5 - K000156572: Quarterly Security Notification (October 2025)", "description": "| Article (CVE) | CVSS score<sup>1</sup> | Affected products | Affected versions<sup>2</sup> | Fixes introduced in |\n| -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | ------------------------------------------- |\n| [K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868](https://my.f5.com/manage/s/article/K000151902) | 8.7 (CVSS v3.1)
8.5 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000156767: F5OS vulnerability CVE-2025-61955](https://my.f5.com/manage/s/article/K000156767) | 7.8 (standard mode) (CVSS v3.1)
8.8 (appliance mode) (CVSS v3.1)
8.5 (standard and appliance mode) (CVSS v4.0) | F5OS-A | 1.8.0<sup>3</sup>
1.5.1 - 1.5.3 | 1.8.3
1.5.4 |\n| F5OS-C | 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup> | 1.8.2
1.6.4 |\n| [K000156771: F5OS vulnerability CVE-2025-57780](https://my.f5.com/manage/s/article/K000156771) | 7.8 (standard mode) (CVSS v3.1)
8.8 (appliance mode) (CVSS v3.1)
8.5 (standard and appliance mode) (CVSS v4.0) | F5OS-A | 1.8.0<sup>3</sup>
1.5.1 - 1.5.3 | 1.8.3
1.5.4 |\n| F5OS-C | 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup> | 1.8.2
1.6.4 |\n| [K000139514: BIG-IP SSL/TLS vulnerability CVE-2025-60016](https://my.f5.com/manage/s/article/K000139514) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0 - 17.1.1 | 17.1.2 |\n| BIG-IP Next SPK | 1.7.0 - 1.9.2 | 2.0.0 |\n| BIG-IP Next CNF | 1.1.0 - 1.3.3 | 2.0.0
1.4.0 |\n| [K000150614: BIG-IP MPTCP vulnerability CVE-2025-48008](https://my.f5.com/manage/s/article/K000150614) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10 | 17.1.2.2
16.1.6
15.1.10.8 |\n| BIG-IP Next SPK | 1.7.0 - 1.9.2 | None |\n| BIG-IP Next CNF | 1.1.0 - 1.4.1 | None |\n| [K000150637: BIG-IP DNS cache vulnerability CVE-2025-59781](https://my.f5.com/manage/s/article/K000150637) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10 | 17.1.2.2
16.1.6
15.1.10.8 |\n| BIG-IP Next CNF | 1.1.0 - 1.4.0 | 1.4.0 EHF-3<sup>4</sup> |\n| [K000150667: BIG-IP SSL Orchestrator vulnerability CVE-2025-41430](https://my.f5.com/manage/s/article/K000150667) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP SSL Orchestrator | 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.3
15.1.0 - 15.1.9 | 17.5.1
17.1.3
16.1.4 |\n| [K000150752: BIG-IP HTTP/2 vulnerability CVE-2025-55669](https://my.f5.com/manage/s/article/K000150752) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP ASM | 17.1.0 - 17.1.2
16.1.0 - 16.1.5 | 17.1.2.2
16.1.5 |\n| [K000151309: BIG-IP DTLS 1.2 vulnerability CVE-2025-61951](https://my.f5.com/manage/s/article/K000151309) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6 | 17.5.1
17.1.3
16.1.6.1 |\n| [K000151368: BIG-IP SSL Orchestrator vulnerability CVE-2025-55036](https://my.f5.com/manage/s/article/K000151368) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP SSL Orchestrator | 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10 | 17.1.3
16.1.6
15.1.10.8 |\n| [K000151475: BIG-IP PEM vulnerability CVE-2025-54479](https://my.f5.com/manage/s/article/K000151475) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP PEM | 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1
17.1.3
16.1.6.1
15.1.10.8 |\n| BIG-IP Next CNF | 2.0.0 - 2.1.0
1.1.0 - 1.4.0 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup> |\n| BIG-IP Next for Kubernetes | 2.0.0 - 2.1.0 | 2.1.0 EHF-2<sup>4</sup> |\n| [K000151611: BIG-IP iRules vulnerability CVE-2025-46706](https://my.f5.com/manage/s/article/K000151611) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0 - 17.1.2
16.1.0 - 16.1.5 | 17.1.2.2
16.1.6 |\n| BIG-IP Next SPK | 1.7.0 - 1.9.2 | 2.0.0
1.7.14 EHF-2<sup>4</sup> |\n| BIG-IP Next CNF | 1.1.0 - 1.4.1 | 2.0.0
1.4.0 EHF-3<sup>4</sup> |\n| [K000152341: BIG-IP AFM DoS protection profile vulnerability CVE-2025-59478](https://my.f5.com/manage/s/article/K000152341) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP AFM | 17.5.0
17.1.0 - 17.1.2
15.1.0 - 15.1.10 | 17.5.1
17.1.3
15.1.10.8 |\n| [K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938](https://my.f5.com/manage/s/article/K000156624) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP Advanced WAF/ASM | 17.5.0
17.1.0 - 17.1.2 | 17.5.1
17.1.3 |\n| [K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858](https://my.f5.com/manage/s/article/K000156621) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP Advanced WAF/ASM | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000156623: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-58120](https://my.f5.com/manage/s/article/K000156623) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP Next SPK | 2.0.0
1.7.0 - 1.7.14 | 2.0.1
1.7.14 EHF-2<sup>4</sup> |\n| BIG-IP Next CNF | 2.0.0
1.1.0 - 1.4.1 | 2.0.1 |\n| BIG-IP Next for Kubernetes | 2.0.0 | 2.1.0 |\n| [K000156707: BIG-IP TMM vulnerability CVE-2025-53856](https://my.f5.com/manage/s/article/K000156707) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000156733: BIG-IP SSL/TLS vulnerability CVE-2025-61974](https://my.f5.com/manage/s/article/K000156733) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| BIG-IP Next SPK | 2.0.0 - 2.0.2
1.7.0 - 1.9.2 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.7.14 EHF-2<sup>4</sup> |\n| BIG-IP Next CNF | 2.0.0 - 2.1.0
1.1.0 - 1.4.1 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup> |\n| BIG-IP Next for Kubernetes | 2.0.0 - 2.1.0 | 2.1.0 EHF-1<sup>4</sup> |\n| 3.7 (CVSS v3.1)
6.3 (CVSS v4.0) | F5 Silverline (all services) | Not applicable | Not applicable |\n| [K000156746: BIG-IP IPsec vulnerability CVE-2025-58071](https://my.f5.com/manage/s/article/K000156746) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1
17.1.3
16.1.6.1
15.1.10.8 |\n| BIG-IP Next CNF | 2.0.0 - 2.1.0
1.1.0 - 1.4.1 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup> |\n| BIG-IP Next for Kubernetes | 2.0.0 - 2.1.0 | 2.1.0 EHF-1<sup>4</sup> |\n| [K000156741: BIG-IP APM vulnerability CVE-2025-53521](https://my.f5.com/manage/s/article/K000156741) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP APM | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000156597: BIG-IP APM portal access vulnerability CVE-2025-61960](https://my.f5.com/manage/s/article/K000156597) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP APM | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6 | 17.5.1.3
17.1.3
16.1.6.1 |\n| [K000156602: BIG-IP APM vulnerability CVE-2025-54854](https://my.f5.com/manage/s/article/K000156602) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP APM | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K44517780: BIG-IP iRules vulnerability CVE-2025-53474](https://my.f5.com/manage/s/article/K44517780) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP APM | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000156912: BIG-IP TMM vulnerability CVE-2025-61990](https://my.f5.com/manage/s/article/K000156912) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| BIG-IP Next SPK | 2.0.0 - 2.0.2
1.7.0 - 1.9.2 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>1.7.15 EHF-2<sup>4</sup> |\n| BIG-IP Next CNF | 2.0.0 - 2.1.0
1.1.0 - 1.4.1 | 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>1.4.0 EHF-3<sup>4</sup> |\n| BIG-IP Next for Kubernetes | 2.0.0 - 2.1.0 | 2.1.0 EHF-1<sup>4</sup> |\n| [K000156691: BIG-IP TMM vulnerability CVE-2025-58096](https://my.f5.com/manage/s/article/K000156691) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10 | 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8 |\n| [K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935](https://my.f5.com/manage/s/article/K000154664) | 7.5 (CVSS v3.1)
8.7 (CVSS v4.0) | BIG-IP Advanced WAF/ASM | 17.5.0
17.1.0 - 17.1.2
15.1.0 - 15.1.10 | 17.5.1
17.1.3
15.1.10.8 |\n| [K000151718: VELOS partition container network vulnerability CVE-2025-59778](https://my.f5.com/manage/s/article/K000151718) | 7.5 (CVSS v3.1)
7.7 (CVSS v4.0) | F5OS-C | 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup> | 1.8.2
1.6.4 |", "creation_timestamp": "2025-10-15T15:31:29.212143+00:00", "timestamp": "2025-10-16T18:32:28.249512+00:00", "related_vulnerabilities": ["CVE-2025-54479", "CVE-2025-55669", "CVE-2025-60016", "CVE-2025-59478", "CVE-2025-61951", "CVE-2025-61960", "CVE-2025-53521", "CVE-2025-61974", "CVE-2025-41430", "CVE-2025-61938", "CVE-2025-61955", "CVE-2025-57780", "CVE-2025-48008", "CVE-2025-53474", "CVE-2025-53868", "CVE-2025-59781", "CVE-2025-54858", "CVE-2025-53856", "CVE-2025-59778", "CVE-2025-58096", "CVE-2025-58071", "CVE-2025-54854", "CVE-2025-61935", "CVE-2025-55036", "CVE-2025-58120", "CVE-2025-46706", "CVE-2025-61990"], "meta": [{"ref": ["https://www.cssf.lu/en/2025/10/multiple-vulnerabilities-in-f5-devices-and-products/", "https://rulezet.org/bundle/detail/5", "https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices"]}], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}