{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-037.pdf"
    },
    "title": "Multiple Vulnerabilities in F5 Products",
    "serial_number": "2025-037",
    "publish_date": "15-10-2025 17:01:03",
    "description": "On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access to F5's infrastructure. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed or patched. F5 released patches on the same day to address the vulnerabilities.<br>\nThere is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends patching affected F5 products as soon as possible.<br>\n",
    "url_title": "2025-037",
    "content_markdown": "---    \ntitle: 'Multiple Vulnerabilities in\u00a0F5\u00a0Products'\nnumber: '2025-037'\nversion: '1.0'\noriginal_date: '2025-10-15'\ndate: '2025-10-15'\n---\n\n_History:_\n\n* _15/10/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access to F5's infrastructure [1]. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed or patched. F5 released patches on the same day to address the vulnerabilities [2].\n\nThere is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends patching affected F5 products as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-53868**, with a CVSS score of 8.5, affects all modules of BIG-IP and could allow a highly privileged authenticated attacker with access to the Secure Copy (SCP) protocol and SFTP to bypass Appliance mode restrictions using undisclosed commands [3].\n\nThe vulnerabilities **CVE-2025-61955** and **CVE-2025-57780**, with a CVSS score of 8.5, affect F5OS and could allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary [4,5].\n\nThe full list of vulnerabilities can be found in the F5 Quarterly Security Notification.\n\n# Affected Products\n\nBIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM are affected by the vulnerabilities [1].\n\nRefer to F5's advisory for the list of all affected products [2].\n\n# Recommendations\n\nCERT-EU recommends applying updates to affected F5 products as soon as possible.\n\n# References\n\n[1] <https://my.f5.com/manage/s/article/K000154696>\n\n[2] <https://my.f5.com/manage/s/article/K000156572#high>\n\n[3] <https://my.f5.com/manage/s/article/K000151902>\n\n[4] <https://my.f5.com/manage/s/article/K000156767>\n\n[5] <https://my.f5.com/manage/s/article/K000156771>",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/10/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access to F5's infrastructure [1]. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed or patched. F5 released patches on the same day to address the vulnerabilities [2].</p><p>There is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends patching affected F5 products as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-53868</strong>, with a CVSS score of 8.5, affects all modules of BIG-IP and could allow a highly privileged authenticated attacker with access to the Secure Copy (SCP) protocol and SFTP to bypass Appliance mode restrictions using undisclosed commands [3].</p><p>The vulnerabilities <strong>CVE-2025-61955</strong> and <strong>CVE-2025-57780</strong>, with a CVSS score of 8.5, affect F5OS and could allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary [4,5].</p><p>The full list of vulnerabilities can be found in the F5 Quarterly Security Notification.</p><h2 id=\"affected-products\">Affected Products</h2><p>BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM are affected by the vulnerabilities [1].</p><p>Refer to F5's advisory for the list of all affected products [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying updates to affected F5 products as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000154696\">https://my.f5.com/manage/s/article/K000154696</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000156572#high\">https://my.f5.com/manage/s/article/K000156572#high</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000151902\">https://my.f5.com/manage/s/article/K000151902</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000156767\">https://my.f5.com/manage/s/article/K000156767</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000156771\">https://my.f5.com/manage/s/article/K000156771</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}