[CIVN-2025-0269] Multiple Vulnerabilities in F5 BIG-IP

Published On: October 17, 2025

Multiple Vulnerabilities in F5 BIG-IP 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
BIG-IP (all modules) 
17.5.0
17.1.0 – 17.1.2
17.1.0 – 17.1.1
16.1.0 – 16.1.6
15.1.0 – 15.1.10
BIG-IP Next SPK 
2.0.0
1.7.0 – 1.9.2
BIG-IP Next CNF 
2.0.0 – 2.1.0
1.1.0 – 1.4.1
BIG-IP SSL Orchestrator
17.5.0
17.1.0 – 17.1.2
16.1.0 – 16.1.3
15.1.0 – 15.1.9
BIG-IP Next for Kubernetes 
2.0.0 – 2.1.0
BIG-IP AFM
17.5.0
7.1.0 – 17.1.2
15.1.0 – 15.1.10
Overview
Multiple vulnerabilities have been reported in F5 BIG-IP systems that may allow undisclosed or malformed traffic to cause the Traffic Management Microkernel (TMM) to terminate, consume excessive memory resources, or result in memory corruption.
Target Audience:
Enterprise IT Departments, Network Administrators and Security Professionals, Cloud and DevOps Teams, Web Application Developers, Service Providers and Managed Service Providers, Security Operations Teams, CIOs and IT Leaders.
Risk Assessment:
Critical risks to the confidentiality, integrity, and availability of the systems.
Impact Assessment:
Unauthorized access to sensitive information, compromise of integrity and confidentiality.
Description
Multiple vulnerabilities in F5 BIG-IP components (SSL Orchestrator, Advanced WAF/ASM, HTTP/2, explicit forward proxy, iRules HTTP::respond, AFM DoS profiles, multi-blade setups, and certain TCP checksum settings) allow specially crafted or undisclosed traffic, when the affected features are enabled and configured on a virtual server, to crash or corrupt the Traffic Management Microkernel (TMM).
Successful exploitation of these vulnerabilities could allow a remote attacker to cause process termination, memory corruption, or elevated memory use, resulting in Denial of Service (DoS).
Solution
Apply appropriate security updates as mentioned in:
https://my.f5.com/manage/s/article/K000150614
https://my.f5.com/manage/s/article/K000150667
https://my.f5.com/manage/s/article/K000150752
https://my.f5.com/manage/s/article/K000151368
https://my.f5.com/manage/s/article/K000151475
https://my.f5.com/manage/s/article/K000151611
https://my.f5.com/manage/s/article/K000152341
https://my.f5.com/manage/s/article/K000156623
https://my.f5.com/manage/s/article/K000156691
https://my.f5.com/manage/s/article/K000156912
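Added example, not part of the CERT-In advisory or of F5's tooling: a Python triage that checks an inventory against the BIG-IP (all modules) ranges listed under Systems Affected, to decide which hosts need the updates above. The inventory format, the hostnames, and the choice to compare only the first three version components are assumptions; "not listed" means only that the version is absent from that list.

```python
import re

# Affected ranges for "BIG-IP (all modules)", copied from the Systems Affected
# list above as inclusive (first, last) bounds. Other products are not covered.
AFFECTED_ALL_MODULES = [
    ("17.5.0", "17.5.0"),
    ("17.1.0", "17.1.2"),
    ("17.1.0", "17.1.1"),
    ("16.1.0", "16.1.6"),
    ("15.1.0", "15.1.10"),
]

def parse_version(text):
    """'15.1.10' -> (15, 1, 10). Assumption: a 4th component is dropped, so
    point releases of a listed version are flagged for manual review."""
    if not re.fullmatch(r"\d+(\.\d+){2,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))[:3]

def is_affected(version, ranges=AFFECTED_ALL_MODULES):
    """True if version falls inside any listed range (numeric comparison)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)

def triage(inventory_text):
    """Map hostname -> 'affected' | 'not listed' | 'unparsed'."""
    result = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        host, version = fields
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # needs a manual look, never assume safe
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
ltm-edge-01   15.1.10
ltm-edge-02   15.1.9.1
ltm-core-01   16.1.7
ltm-core-02   17.1.3
ltm-lab-01    17.5.0
ltm-lab-02    unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank "15.1.9" above "15.1.10" and miss it.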
Vendor Information
F5
https://my.f5.com/manage/s/article/K000156572
CVE Name
CVE-2025-48008
CVE-2025-41430
CVE-2025-55669
CVE-2025-55036
CVE-2025-54479
CVE-2025-46706
CVE-2025-59478
CVE-2025-58120
CVE-2025-58096
CVE-2025-61990
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
