F5 - K000156572: Quarterly Security Notification (October 2025)

Created on 2025-10-15 15:31, updated on 2025-10-16 18:32, by Alexandre Dulaunoy
JSON
Description
Article (CVE) CVSS score<sup>1</sup> Affected products Affected versions<sup>2</sup> Fixes introduced in
K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868 8.7 (CVSS v3.1)
8.5 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1
17.1.3
16.1.6.1
15.1.10.8
K000156767: F5OS vulnerability CVE-2025-61955 7.8 (standard mode) (CVSS v3.1)
8.8 (appliance mode) (CVSS v3.1)
8.5 (standard and appliance mode) (CVSS v4.0)		 F5OS-A 1.8.0<sup>3</sup>
1.5.1 - 1.5.3		 1.8.3
1.5.4
F5OS-C 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup>		 1.8.2
1.6.4
K000156771: F5OS vulnerability CVE-2025-57780 7.8 (standard mode) (CVSS v3.1)
8.8 (appliance mode) (CVSS v3.1)
8.5 (standard and appliance mode) (CVSS v4.0)		 F5OS-A 1.8.0<sup>3</sup>
1.5.1 - 1.5.3		 1.8.3
1.5.4
F5OS-C 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup>		 1.8.2
1.6.4
K000139514: BIG-IP SSL/TLS vulnerability CVE-2025-60016 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.1.0 - 17.1.1 17.1.2
BIG-IP Next SPK 1.7.0 - 1.9.2 2.0.0
BIG-IP Next CNF 1.1.0 - 1.3.3 2.0.0
1.4.0
K000150614: BIG-IP MPTCP vulnerability CVE-2025-48008 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10		 17.1.2.2
16.1.6
15.1.10.8
BIG-IP Next SPK 1.7.0 - 1.9.2 None
BIG-IP Next CNF 1.1.0 - 1.4.1 None
K000150637: BIG-IP DNS cache vulnerability CVE-2025-59781 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10		 17.1.2.2
16.1.6
15.1.10.8
BIG-IP Next CNF 1.1.0 - 1.4.0 1.4.0 EHF-3<sup>4</sup>
K000150667: BIG-IP SSL Orchestrator vulnerability CVE-2025-41430 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP SSL Orchestrator 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.3
15.1.0 - 15.1.9		 17.5.1
17.1.3
16.1.4
K000150752: BIG-IP HTTP/2 vulnerability CVE-2025-55669 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP ASM 17.1.0 - 17.1.2
16.1.0 - 16.1.5		 17.1.2.2
16.1.5
K000151309: BIG-IP DTLS 1.2 vulnerability CVE-2025-61951 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6		 17.5.1
17.1.3
16.1.6.1
K000151368: BIG-IP SSL Orchestrator vulnerability CVE-2025-55036 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP SSL Orchestrator 17.1.0 - 17.1.2
16.1.0 - 16.1.5
15.1.0 - 15.1.10		 17.1.3
16.1.6
15.1.10.8
K000151475: BIG-IP PEM vulnerability CVE-2025-54479 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP PEM 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1
17.1.3
16.1.6.1
15.1.10.8
BIG-IP Next CNF 2.0.0 - 2.1.0
1.1.0 - 1.4.0		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes 2.0.0 - 2.1.0 2.1.0 EHF-2<sup>4</sup>
K000151611: BIG-IP iRules vulnerability CVE-2025-46706 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.1.0 - 17.1.2
16.1.0 - 16.1.5		 17.1.2.2
16.1.6
BIG-IP Next SPK 1.7.0 - 1.9.2 2.0.0
1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF 1.1.0 - 1.4.1 2.0.0
1.4.0 EHF-3<sup>4</sup>
K000152341: BIG-IP AFM DoS protection profile vulnerability CVE-2025-59478 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP AFM 17.5.0
17.1.0 - 17.1.2
15.1.0 - 15.1.10		 17.5.1
17.1.3
15.1.10.8
K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP Advanced WAF/ASM 17.5.0
17.1.0 - 17.1.2		 17.5.1
17.1.3
K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP Advanced WAF/ASM 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K000156623: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-58120 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP Next SPK 2.0.0
1.7.0 - 1.7.14		 2.0.1
1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF 2.0.0
1.1.0 - 1.4.1		 2.0.1
BIG-IP Next for Kubernetes 2.0.0 2.1.0
K000156707: BIG-IP TMM vulnerability CVE-2025-53856 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K000156733: BIG-IP SSL/TLS vulnerability CVE-2025-61974 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
BIG-IP Next SPK 2.0.0 - 2.0.2
1.7.0 - 1.9.2		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.7.14 EHF-2<sup>4</sup>
BIG-IP Next CNF 2.0.0 - 2.1.0
1.1.0 - 1.4.1		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes 2.0.0 - 2.1.0 2.1.0 EHF-1<sup>4</sup>
3.7 (CVSS v3.1)
6.3 (CVSS v4.0)		 F5 Silverline (all services) Not applicable Not applicable
K000156746: BIG-IP IPsec vulnerability CVE-2025-58071 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1
17.1.3
16.1.6.1
15.1.10.8
BIG-IP Next CNF 2.0.0 - 2.1.0
1.1.0 - 1.4.1		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>
1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes 2.0.0 - 2.1.0 2.1.0 EHF-1<sup>4</sup>
K000156741: BIG-IP APM vulnerability CVE-2025-53521 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP APM 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K000156597: BIG-IP APM portal access vulnerability CVE-2025-61960 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP APM 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6		 17.5.1.3
17.1.3
16.1.6.1
K000156602: BIG-IP APM vulnerability CVE-2025-54854 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP APM 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K44517780: BIG-IP iRules vulnerability CVE-2025-53474 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP APM 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K000156912: BIG-IP TMM vulnerability CVE-2025-61990 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
BIG-IP Next SPK 2.0.0 - 2.0.2
1.7.0 - 1.9.2		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>1.7.15 EHF-2<sup>4</sup>
BIG-IP Next CNF 2.0.0 - 2.1.0
1.1.0 - 1.4.1		 2.1.0 EHF-1<sup>4</sup>
2.0.2 EHF-2<sup>4</sup>
2.0.0 EHF-2<sup>4</sup>1.4.0 EHF-3<sup>4</sup>
BIG-IP Next for Kubernetes 2.0.0 - 2.1.0 2.1.0 EHF-1<sup>4</sup>
K000156691: BIG-IP TMM vulnerability CVE-2025-58096 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP (all modules) 17.5.0 - 17.5.1
17.1.0 - 17.1.2
16.1.0 - 16.1.6
15.1.0 - 15.1.10		 17.5.1.3
17.1.3
16.1.6.1
15.1.10.8
K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935 7.5 (CVSS v3.1)
8.7 (CVSS v4.0)		 BIG-IP Advanced WAF/ASM 17.5.0
17.1.0 - 17.1.2
15.1.0 - 15.1.10		 17.5.1
17.1.3
15.1.10.8
K000151718: VELOS partition container network vulnerability CVE-2025-59778 7.5 (CVSS v3.1)
7.7 (CVSS v4.0)		 F5OS-C 1.8.0 - 1.8.1
1.6.0 - 1.6.2<sup>3</sup>		 1.8.2
1.6.4
Vulnerabilities included in this bundle
Meta
[
  {
    "ref": [
      "https://www.cssf.lu/en/2025/10/multiple-vulnerabilities-in-f5-devices-and-products/",
      "https://rulezet.org/bundle/detail/5",
      "https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices"
    ]
  }
]
Combined sightings
Author Vulnerability Source Type Date