EXECUTIVE SUMMARY:
F5 has released security updates addressing dozens of vulnerabilities across its product portfolio, including BIG-IP, F5OS, BIG-IQ, APM clients and BIG-IP Next for Kubernetes, following an incident that exposed internal systems and source materials. Multiple flaws allow denial of service, privilege escalation and remote code execution in affected deployments, increasing the risk that attackers could exploit unpatched appliances or containerized components to achieve widespread impact. Organizations should assume elevated risk, immediately inventory F5 assets, apply the vendor's updates for the affected versions, isolate or segment vulnerable devices where feasible, and monitor for suspicious activity and exploitation indicators.
- CVE-2025-60016: A vulnerability in F5 BIG-IP SSL profiles that use Elliptic Curve Brainpool Diffie-Hellman groups allows crafted SSL traffic to crash the Traffic Management Microkernel (TMM). Exploitation could cause a denial of service, interrupting load-balancing operations. The vulnerability has a CVSS score of 8.7.
- CVE-2025-48008: A vulnerability in Multipath TCP (MPTCP) handling allows specific packet sequences to trigger TMM termination. This leads to a denial of service, affecting network throughput and user connectivity. Exploitation requires network access but not authentication. The vulnerability has a CVSS score of 8.7.
- CVE-2025-59781: A vulnerability in the DNS caching component of BIG-IP or BIG-IP Next CNF allows crafted DNS queries to exhaust memory. This condition can degrade performance or crash services, impacting DNS resolution across virtual servers. The vulnerability has a CVSS score of 8.7.
- CVE-2025-41430: A vulnerability in F5 BIG-IP SSL Orchestrator where crafted network traffic can crash the Traffic Management Microkernel (TMM), causing a denial of service. The flaw can be exploited remotely without authentication, disrupting affected services. The vulnerability has a CVSS score of 8.7.
- CVE-2025-55669: A vulnerability in F5 BIG-IP ASM may lead to a denial of service under heavy concurrent request conditions. The flaw affects inspection and parsing of specific HTTP2 frames. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61951: A DTLS 1.2 configuration issue in F5 BIG-IP, with certificate, key, and SSL sign-hash set to ANY, can allow crafted traffic to crash TMM during the secure handshake. Attackers could remotely trigger repeated crashes to impact service uptime. The vulnerability has a CVSS score of 8.7.
- CVE-2025-55036: A flaw in the F5 BIG-IP SSL Orchestrator component enables specially crafted TLS traffic to terminate the TMM process. While exploitation requires network access, repeated attacks can cause persistent service instability. The vulnerability has a CVSS score of 8.7.
- CVE-2025-54479: A vulnerability in F5 BIG-IP Policy Enforcement Manager (PEM) where a classification profile missing HTTP or HTTP2 definitions may allow traffic to crash TMM. Successful exploitation results in a denial of service and dropped sessions. The vulnerability has a CVSS score of 8.7.
- CVE-2025-46706: A vulnerability in F5 BIG-IP where a crafted iRules configuration applied to a virtual server can cause TMM termination. The flaw allows unauthenticated remote attackers to trigger repeated service restarts. The vulnerability has a CVSS score of 8.7.
- CVE-2025-59478: BIG-IP AFM is vulnerable to a traffic-handling flaw that can trigger TMM termination. Attackers may exploit packet floods to degrade firewall availability. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61938: A vulnerability in BIG-IP ASM Advanced WAF could lead to a denial of service. The issue occurs under specific inspection rules and malformed payloads. The vulnerability has a CVSS score of 8.7.
- CVE-2025-54858: BIG-IP ASM suffers from a logic error that can interrupt TMM operation when processing crafted inputs. The vulnerability affects multiple major versions. The vulnerability has a CVSS score of 8.7.
- CVE-2025-58120: BIG-IP Next SPK CNF contains a service-availability issue caused by improper session state management. It could lead to disruption of application traffic flows in clustered environments. The vulnerability has a CVSS score of 8.7.
- CVE-2025-53856: Multiple BIG-IP modules are affected by an undisclosed denial-of-service vulnerability. Exploitation can cause performance degradation and temporary service outages. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61974: A vulnerability in BIG-IP modules allows certain SSL or TLS operations to trigger crashes in specific traffic paths. It poses a high risk to availability in production environments. The vulnerability has a CVSS score of 8.7.
- CVE-2025-58071: A vulnerability in BIG-IP DNS-handling routines can lead to a denial of service from crafted query patterns. The vulnerability primarily impacts name-resolution stability. The vulnerability has a CVSS score of 8.7.
- CVE-2025-53521: BIG-IP APM contains a vulnerability that could result in a denial of service through malformed access policy requests. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61960: A NULL-pointer dereference in BIG-IP APM, triggered when a per-request policy is configured on a portal-access virtual server, can crash the Traffic Management Microkernel (TMM), causing a denial of service and TMM restart. The vulnerability has a CVSS score of 8.7.
- CVE-2025-54854: An APM logic flaw in multiple BIG-IP versions can cause temporary unresponsiveness of access sessions when triggered by malformed inputs. The vulnerability has a CVSS score of 8.7.
- CVE-2025-53474: A denial-of-service vulnerability affects BIG-IP APM session management, where repeated malformed requests can overload TMM. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61990: A vulnerability in the Traffic Management Microkernel (TMM) of BIG-IP on multi-bladed platforms can cause memory corruption and crash the TMM, leading to a denial of service. The vulnerability has a CVSS score of 8.7.
- CVE-2025-58096: A denial-of-service vulnerability in BIG-IP occurs when the database variable tm.tcpudptxchecksum is set to Software-only, allowing crafted network traffic to crash the TMM process. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61935: A vulnerability in BIG-IP ASM Advanced WAF could enable remote attackers to exhaust system resources through crafted requests. The vulnerability has a CVSS score of 8.7.
- CVE-2025-59778: A denial-of-service flaw in F5OS-C (VELOS) occurs when the Allowed IP Addresses feature is enabled, allowing crafted traffic to crash multiple control-plane containers. The vulnerability has a CVSS score of 7.7.
- CVE-2025-59481: A vulnerability in multiple BIG-IP modules can result in degraded performance or a TMM crash under specific conditions. The vulnerability has a CVSS score of 8.7.
- CVE-2025-61958: A network-handling flaw in BIG-IP allows specially crafted traffic to trigger resource exhaustion or a TMM crash, producing a remote denial of service that disrupts application delivery. The vulnerability has a CVSS score of 8.7.
- CVE-2025-47148: A vulnerability in BIG-IP when configured as both a SAML Service Provider (SP) and Identity Provider with Single Logout enabled allows crafted requests to degrade or disrupt services. The vulnerability has a CVSS score of 7.1.
- CVE-2025-47150: In BIG-IP F5OS Appliance and Chassis systems, certain crafted SNMP requests can cause increased SNMP memory consumption that may degrade availability or lead to service disruption. The vulnerability has a CVSS score of 7.1.
- CVE-2025-55670: In BIG-IP Next, repeated specific API calls can exhaust resources and cause the Traffic Management Microkernel to terminate, producing a remote denial of service that disrupts traffic. The vulnerability has a CVSS score of 7.1.
- CVE-2025-54805: When an iRule is configured on a virtual server via the declarative API, re-instantiation cleanup can fail to release memory, causing increased TMM memory usage that may lead to resource exhaustion and a denial of service. The vulnerability has a CVSS score of 6.5.
- CVE-2025-59269: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration Utility that allows an attacker to store JavaScript which runs in the context of a logged-in user. The vulnerability has a CVSS score of 8.4.
- CVE-2025-58153: A denial-of-service vulnerability in the High-Speed Bridge (HSB) of F5 BIG-IP can cause the hardware to lock up under certain traffic conditions, disrupting packet forwarding and system availability. The vulnerability has a CVSS score of 8.2.
- CVE-2025-60015: An out-of-bounds write in F5OS-A and F5OS-C can cause memory corruption that destabilizes the appliance when triggered. The vulnerability has a CVSS score of 6.9.
- CVE-2025-59483: A vulnerability in an undisclosed URL of the BIG-IP Configuration Utility allows an attacker to manipulate file paths and access or modify sensitive files. The vulnerability has a CVSS score of 8.5.
- CVE-2025-60013: A vulnerability in the F5 rSeries FIPS hardware security module is related to the use of a password containing special shell metacharacters. The vulnerability has a CVSS score of 5.7.
- CVE-2025-59268: Undisclosed Configuration Utility endpoints expose static, non-sensitive information to an unauthenticated remote attacker, allowing access via the management interface. The vulnerability has a CVSS score of 6.9.
- CVE-2025-58474: A vulnerability in BIG-IP Advanced WAF and NGINX App Protect may allow crafted requests to disrupt client connections, causing limited denial-of-service conditions. The vulnerability has a CVSS score of 6.9.
- CVE-2025-61933: A reflected cross-site scripting vulnerability in BIG-IP APM lets an attacker craft a URL that, when visited by a logged-out user, executes arbitrary JavaScript in that user's browser context. The vulnerability has a CVSS score of 6.1.
- CVE-2025-54755: A traffic inspection vulnerability in BIG-IP ASM can lead to brief TMM instability during packet analysis. The vulnerability has a CVSS score of 6.9.
- CVE-2025-53860: A vulnerability in F5OS-A software allows a highly privileged authenticated attacker to access sensitive data within the FIPS hardware security module (HSM) on F5 rSeries systems. The vulnerability has a CVSS score of 5.6.
- CVE-2025-58424: A vulnerability in the F5 BIG-IP Configuration Utility allows authenticated users to inject malicious scripts into certain fields, which execute in other users' browsers. The vulnerability has a CVSS score of 6.3.
RECOMMENDATION:
We strongly recommend updating F5 products to the versions listed below:
REFERENCES:
The following reports contain further technical details: