FREE TRIAL
Vulnerability

F5 Calls for Immediate Updates Following Nation-State Intrusion

5 min. read
17/10/2025
By Esben Dochy
F5 vulnerability featured image

⚡ TL;DR | Go Straight to the F5 Device Audit Report
⚡ TL;DR | Go Straight to the F5 Software Audit Report

On October 15, 2025, F5 disclosed that a highly sophisticated, likely nation-state actor had maintained long-term access to its environment, stealing portions of BIG-IP source code and details on still-unreleased vulnerabilities.

F5 Source-Code Stolen

F5 disclosed in advisory K000154696 that a nation-state threat actor maintained long-term access to parts of its environment and exfiltrated BIG-IP source code plus information on still-undisclosed vulnerabilities. F5 says independent reviews found no evidence of tampering with its software supply chain, build and release pipelines included, but the theft meaningfully raises the risk of tailored exploits against unpatched devices.

In response, CISA issued Emergency Directive 26-01, ordering federal agencies to inventory F5 deployments, lock down any internet-exposed management interfaces, and meet near-term deadlines, including an Oct 22 (and Oct 31) patch requirement and an Oct 29, 2025 inventory report.

October 2025 Quarterly Security Notification

In response to this breach, F5 urges customers to update their products as soon as possible using the guidance provided in their October 2025 Quarterly Security Notification. This security advisory contains a total of 44 vulnerabilities. 27 High severity, 16 medium severity, one low severity, and one security exposure.

Discover F5 Devices and Software

As per the CISA direction, it is important to identify F5 hardware and software in your IT environment as soon as possible. Utilizing the following Lansweeper reports, you’ll get an overview of hardware and software present in your IT environment.

If you’re interested in looking at what devices are affected by the October 2025 quarterly security vulnerabilities, we’ve provided links to each vulnerability inside of Lansweeper below.

Run the F5 Device Audit Report
Run the F5 Software Audit Report

F5 October 2025 Quarterly Vulnerabilities

Article (CVE)Affected productsLansweeper Link
K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868BIG-IP (all modules)CVE-2025-53868
K000156767: F5OS vulnerability CVE-2025-61955F5OS-ACVE-2025-61955
F5OS-C
K000156771: F5OS vulnerability CVE-2025-57780F5OS-ACVE-2025-57780
F5OS-C
K000139514: BIG-IP SSL/TLS vulnerability CVE-2025-60016BIG-IP (all modules)CVE-2025-60016
BIG-IP Next SPK
BIG-IP Next CNF
K000150614: BIG-IP MPTCP vulnerability CVE-2025-48008BIG-IP (all modules)CVE-2025-48008
BIG-IP Next SPK
BIG-IP Next CNF
K000150637: BIG-IP DNS cache vulnerability CVE-2025-59781BIG-IP (all modules)CVE-2025-59781
BIG-IP Next CNF
K000150667: BIG-IP SSL Orchestrator vulnerability CVE-2025-41430BIG-IP SSL OrchestratorCVE-2025-41430
K000150752: BIG-IP HTTP/2 vulnerability CVE-2025-55669BIG-IP ASMCVE-2025-55669
K000151309: BIG-IP DTLS 1.2 vulnerability CVE-2025-61951BIG-IP (all modules)CVE-2025-61951
K000151368: BIG-IP SSL Orchestrator vulnerability CVE-2025-55036BIG-IP SSL OrchestratorCVE-2025-55036
K000151475: BIG-IP PEM vulnerability CVE-2025-54479BIG-IP PEMCVE-2025-54479
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000151611: BIG-IP iRules vulnerability CVE-2025-46706BIG-IP (all modules)CVE-2025-46706
BIG-IP Next SPK
BIG-IP Next CNF
K000152341: BIG-IP AFM DoS protection profile vulnerability CVE-2025-59478BIG-IP AFMCVE-2025-59478
K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938BIG-IP Advanced WAF/ASMCVE-2025-61938
K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858BIG-IP Advanced WAF/ASMCVE-2025-54858
K000156623: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-58120BIG-IP Next SPKCVE-2025-58120
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000156707: BIG-IP TMM vulnerability CVE-2025-53856BIG-IP (all modules)CVE-2025-53856
K000156733: BIG-IP SSL/TLS vulnerability CVE-2025-61974BIG-IP (all modules)CVE-2025-61974
BIG-IP Next SPK
BIG-IP Next CNF
BIG-IP Next for Kubernetes
F5 Silverline (all services)
K000156746: BIG-IP IPsec vulnerability CVE-2025-58071BIG-IP (all modules)CVE-2025-58071
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000156741: BIG-IP APM vulnerability CVE-2025-53521BIG-IP APMCVE-2025-53521
K000156597: BIG-IP APM portal access vulnerability CVE-2025-61960BIG-IP APMCVE-2025-61960
K000156602: BIG-IP APM vulnerability CVE-2025-54854BIG-IP APMCVE-2025-54854
K44517780: BIG-IP iRules vulnerability CVE-2025-53474BIG-IP APMCVE-2025-53474
K000156912: BIG-IP TMM vulnerability CVE-2025-61990BIG-IP (all modules)CVE-2025-61990
BIG-IP Next SPK
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000156691: BIG-IP TMM vulnerability CVE-2025-58096BIG-IP (all modules)CVE-2025-58096
K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935BIG-IP Advanced WAF/ASMCVE-2025-61935
K000151718: VELOS partition container network vulnerability CVE-2025-59778F5OS-CCVE-2025-59778
K000156642: BIG-IP iControl REST and tmsh vulnerability CVE-2025-59481BIG-IP (all modules)CVE-2025-59481
K000154647: BIG-IP tmsh vulnerability CVE-2025-61958BIG-IP (all modules)CVE-2025-61958
K000148816: BIG-IP APM and SSL Orchestrator vulnerability CVE-2025-47148BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWGCVE-2025-47148
K000149820: F5OS SNMP vulnerability CVE-2025-47150F5OS-ACVE-2025-47150
F5OS-C
K000154614: BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability CVE-2025-55670BIG-IP Next SPKCVE-2025-55670
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000151596: BIG-IP TMM vulnerability CVE-2025-54805BIG-IP Next SPKCVE-2025-54805
BIG-IP Next CNF
BIG-IP Next for Kubernetes
K000151308: BIG-IP Configuration utility XSS vulnerability CVE-2025-59269BIG-IP (all modules)CVE-2025-59269
K000151658: BIG-IP HSB vulnerability CVE-2025-58153BIG-IP (all modules)CVE-2025-58153
K000156796: F5OS out-of-bounds write vulnerability CVE-2025-60015F5OS-ACVE-2025-60015
F5OS-C
K000156800: BIG-IP Configuration utility vulnerability CVE-2025-59483BIG-IP (all modules)CVE-2025-59483
K000154661: F5OS-A FIPS HSM password vulnerability CVE-2025-60013F5OS-ACVE-2025-60013
K90301300: BIG-IP Configuration utility vulnerability CVE-2025-59268BIG-IP (all modules)CVE-2025-59268
K000148512: BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability CVE-2025-58474BIG-IP Advanced WAF/ASMCVE-2025-58474
NGINX App Protect WAF
K000156596: BIG-IP APM XSS vulnerability CVE-2025-61933BIG-IP APMCVE-2025-61933
K000156801: BIG-IP Configuration utility vulnerability CVE-2025-54755BIG-IP (all modules)CVE-2025-54755
K000148625: F5OS-A FIPS HSM vulnerability CVE-2025-53860F5OS-ACVE-2025-53860
K000151297: BIG-IP TMM vulnerability CVE-2025-58424BIG-IP (all modules)CVE-2025-58424
F5 Silverline (all services)
K000150010: BIG-IP AFM security exposure
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES