---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: The Cybersecurity Service for the Union institutions, bodies, offices and agencies
title: 'Multiple Vulnerabilities in F5 Products'
number: '2025-037'
version: '1.0'
original_date: '2025-10-15'
date: '2025-10-15'
---

_History:_

* _15/10/2025 --- v1.0 -- Initial publication_

# Summary

On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access to F5's infrastructure [1]. This included access to BIG-IP product development source code and to information about security vulnerabilities that had not yet been disclosed or patched. F5 released patches on the same day to address these vulnerabilities [2].

There is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends patching affected F5 products as soon as possible.

# Technical Details

The vulnerability **CVE-2025-53868**, with a CVSS score of 8.5, affects all modules of BIG-IP and could allow a highly privileged authenticated attacker with access to the Secure Copy (SCP) protocol and SFTP to bypass Appliance mode restrictions using undisclosed commands [3].

The vulnerabilities **CVE-2025-61955** and **CVE-2025-57780**, each with a CVSS score of 8.5, affect F5OS and could allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary [4,5].

The exhaustive list of vulnerabilities can be found in the F5 Quarterly Security Notification.

# Affected Products

BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM are affected by these vulnerabilities [1]. Refer to F5's advisory for the list of all affected products [2].

# Recommendations

CERT-EU recommends applying updates to affected F5 products as soon as possible.
# References

[1]

[2]

[3]

[4]

[5]