F5 Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, data manipulation, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and denial of service condition on the targeted system.
Note:
CVE-2025-53521 is being exploited in the wild. When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Hence, the risk level is rated from Medium Risk to Extremely High Risk.
[Updated on 2026-03-30]
Updated Risk Level, Impact, System / Technologies affected, Solutions and Related Links.
Impact
- Remote Code Execution
- Denial of Service
- Data Manipulation
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
- Cross-Site Scripting
System / Technologies affected
BIG-IP (all modules)
- version 17.5.0 - 17.5.1
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.6
- version 15.1.0 - 15.1.10
F5OS-A
- version 1.8.0 - 1.8.13
- version 1.5.1 - 1.5.3
F5OS-C
- version 1.8.0 - 1.8.1
- version 1.6.0 - 1.6.23
BIG-IP Next SPK
- version 2.0.0 - 2.0.2
- version 1.7.0 - 1.9.2
BIG-IP Next CNF
- version 2.0.0 - 2.1.0
- version 1.1.0 - 1.4.1
BIG-IP Next for Kubernetes
- version 2.0.0 - 2.1.0
BIG-IP SSL Orchestrator
- version 17.5.0
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.5
- version 15.1.0 - 15.1.10
BIG-IP ASM
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.5
BIG-IP Advanced WAF/ASM
- version 17.5.0 - 17.5.1
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.6
- version 15.1.0 - 15.1.10
BIG-IP PEM
- version 17.5.0
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.6
- version 15.1.0 - 15.1.10
BIG-IP AFM
- version 17.5.0
- version 17.1.0 - 17.1.2
- version 15.1.0 - 15.1.10
BIG-IP APM
- version 17.5.0 - 17.5.1
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.6
- version 15.1.0 - 15.1.10
BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG
- version 17.5.0
- version 17.1.0 - 17.1.2
- version 16.1.0 - 16.1.6
- version 15.1.0 - 15.1.10
NGINX App Protect WAF
- version 4.5.0 - 4.6.0
For CVE-2025-53521
- BIG-IP APM version 17.5.0 - 17.5.1
- BIG-IP APM version 17.1.0 - 17.1.2
- BIG-IP APM version 16.1.0 - 16.1.6
- BIG-IP APM version 15.1.0 - 15.1.10
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2025-41430
- CVE-2025-46706
- CVE-2025-47148
- CVE-2025-47150
- CVE-2025-48008
- CVE-2025-53474
- CVE-2025-53521
- CVE-2025-53856
- CVE-2025-53860
- CVE-2025-53868
- CVE-2025-54479
- CVE-2025-54755
- CVE-2025-54805
- CVE-2025-54854
- CVE-2025-54858
- CVE-2025-55036
- CVE-2025-55669
- CVE-2025-55670
- CVE-2025-57780
- CVE-2025-58071
- CVE-2025-58096
- CVE-2025-58120
- CVE-2025-58153
- CVE-2025-58424
- CVE-2025-58474
- CVE-2025-59268
- CVE-2025-59269
- CVE-2025-59478
- CVE-2025-59481
- CVE-2025-59483
- CVE-2025-59778
- CVE-2025-59781
- CVE-2025-60013
- CVE-2025-60015
- CVE-2025-60016
- CVE-2025-61933
- CVE-2025-61935
- CVE-2025-61938
- CVE-2025-61951
- CVE-2025-61955
- CVE-2025-61958
- CVE-2025-61960
- CVE-2025-61974
- CVE-2025-61990
Source
Related Link
Related Tags
Share with