{"id":7742,"date":"2025-10-17T10:03:55","date_gmt":"2025-10-17T10:03:55","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/10\/17\/f5-released-security-updates-covering-multiple-products-following-recent-hack\/"},"modified":"2025-10-17T10:03:55","modified_gmt":"2025-10-17T10:03:55","slug":"f5-released-security-updates-covering-multiple-products-following-recent-hack","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/10\/17\/f5-released-security-updates-covering-multiple-products-following-recent-hack\/","title":{"rendered":"F5 Released Security Updates Covering Multiple Products Following Recent Hack"},"content":{"rendered":"

F5 Released Security Updates Covering Multiple Products Following Recent Hack
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach<\/a> involving a nation-state threat actor, prompting the release of critical updates for its core products.<\/p>\n

Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, leading to the theft of BIG-IP source code and undisclosed vulnerability data. <\/p>\n

In response, F5 has rolled out<\/a> patches across BIG-IP, F5OS, BIG-IQ, APM clients, and BIG-IP Next for Kubernetes to safeguard customers amid heightened risks.<\/p>\n

The intrusion came to light on August 9, 2025, when F5 identified suspicious activity within its BIG-IP product development environment and engineering knowledge platforms. <\/p>\n

The advanced adversary maintained persistent access, exfiltrating sensitive files including portions of source code and configuration details for a limited number of customers. <\/p>\n

No evidence suggests alterations to the software supply chain<\/a> or impacts on production systems, but the stolen intellectual property raises concerns about potential zero-day exploits targeting unpatched deployments.<\/p>\n

F5 swiftly contained the threat through comprehensive measures, halting further unauthorized actions and confirming no ongoing intrusions. <\/p>\n

The company enlisted top cybersecurity firms like CrowdStrike and Mandiant for investigation support, while collaborating with law enforcement and government agencies. <\/p>\n

This proactive stance aligns with F5\u2019s vulnerability management practices, now intensified to bolster enterprise and product security postures. <\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded with Emergency Directive ED 26-01<\/a>, mandating federal agencies to patch and isolate affected F5 assets immediately.<\/p>\n

F5 Security Updates<\/strong><\/h2>\n

On October 15, 2025, F5 published its Quarterly Security Notification, detailing 44 vulnerabilities addressed in the latest releases, many tied to the breach\u2019s implications. <\/p>\n

High-severity CVEs dominate, with scores up to 8.7 under CVSS v3.1, affecting components like SCP\/SFTP in BIG-IP (CVE-2025-53868) and F5OS platforms (CVE-2025-61955). <\/p>\n

These flaws enable potential denial-of-service<\/a>, privilege escalation, and remote code execution, particularly in appliance modes where risks escalate.<\/p>\n

Medium and low-risk issues include iControl REST vulnerabilities (CVE-2025-59481) and configuration utility exposures, fixed in versions such as BIG-IP 17.5.1.3 and F5OS-C 1.8.2. <\/p>\n

High Severity Vulnerabilities<\/strong><\/h3>\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE ID<\/th>\nCVSS Score (v3.1 \/ v4.0)<\/th>\nAffected Products<\/th>\nAffected Versions<\/th>\nFixes Introduced In<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-53868\u200b<\/td>\n8.7 \/ 8.5<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61955\u200b<\/td>\n7.8 (standard) \/ 8.8 (appliance) \/ 8.5<\/td>\nF5OS-A, F5OS-C<\/td>\nF5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3<\/td>\nF5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4<\/td>\n<\/tr>\n
CVE-2025-57780\u200b<\/td>\n7.8 (standard) \/ 8.8 (appliance) \/ 8.5<\/td>\nF5OS-A, F5OS-C<\/td>\nF5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3<\/td>\nF5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4<\/td>\n<\/tr>\n
CVE-2025-60016\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF<\/td>\nBIG-IP: 17.1.0-17.1.1; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.3.3<\/td>\nBIG-IP: 17.1.2; Next SPK: 2.0.0; Next CNF: 2.0.0, 1.4.0<\/td>\n<\/tr>\n
CVE-2025-48008\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF<\/td>\nBIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1<\/td>\nBIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next SPK: None; Next CNF: None<\/td>\n<\/tr>\n
CVE-2025-59781\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next CNF<\/td>\nBIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next CNF: 1.1.0-1.4.0<\/td>\nBIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next CNF: 1.4.0 EHF-3^4<\/td>\n<\/tr>\n
CVE-2025-41430\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP SSL Orchestrator<\/td>\n17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.3, 15.1.0-15.1.9<\/td>\n17.5.1, 17.1.3, 16.1.4<\/td>\n<\/tr>\n
CVE-2025-55669\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP ASM<\/td>\n17.1.0-17.1.2, 16.1.0-16.1.5<\/td>\n17.1.2.2, 16.1.6<\/td>\n<\/tr>\n
CVE-2025-61951\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6<\/td>\n17.5.1, 17.1.3, 16.1.6.1<\/td>\n<\/tr>\n
CVE-2025-55036\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP SSL Orchestrator<\/td>\n17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10<\/td>\n17.1.3, 16.1.6, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-54479\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP PEM, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nBIG-IP PEM: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.0; Next K8s: 2.0.0-2.1.0<\/td>\nBIG-IP PEM: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-2^4<\/td>\n<\/tr>\n
CVE-2025-46706\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF<\/td>\nBIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1<\/td>\nBIG-IP: 17.1.2.2, 16.1.6; Next SPK: 2.0.0, 1.7.14 EHF-2^4; Next CNF: 2.0.0, 1.4.0 EHF-3^4<\/td>\n<\/tr>\n
CVE-2025-59478\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP AFM<\/td>\n17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10<\/td>\n17.5.1, 17.1.3, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61938\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP Advanced WAF\/ASM<\/td>\n17.5.0, 17.1.0-17.1.2<\/td>\n17.5.1, 17.1.3<\/td>\n<\/tr>\n
CVE-2025-54858\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP Advanced WAF\/ASM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-58120\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nNext SPK: 2.0.0, 1.7.0-1.7.14; Next CNF: 2.0.0, 1.1.0-1.4.1; Next K8s: 2.0.0<\/td>\nNext SPK: 2.0.1, 1.7.14 EHF-2^4; Next CNF: 2.0.1; Next K8s: 2.1.0<\/td>\n<\/tr>\n
CVE-2025-53856\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61974\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nBIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0<\/td>\nBIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.14 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4<\/td>\n<\/tr>\n
CVE-2025-58071\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nBIG-IP: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0<\/td>\nBIG-IP: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4<\/td>\n<\/tr>\n
CVE-2025-53521\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP APM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61960\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP APM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1<\/td>\n<\/tr>\n
CVE-2025-54854\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP APM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-53474\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP APM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61990\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nBIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0<\/td>\nBIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.15 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4<\/td>\n<\/tr>\n
CVE-2025-58096\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61935\u200b<\/td>\n7.5 \/ 8.7<\/td>\nBIG-IP Advanced WAF\/ASM<\/td>\n17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10<\/td>\n17.5.1, 17.1.3, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-59778\u200b<\/td>\n7.5 \/ 7.7<\/td>\nF5OS-C<\/td>\n1.8.0-1.8.1, 1.6.0-1.6.2^3<\/td>\n1.8.2, 1.6.4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Medium Severity Vulnerabilities<\/strong><\/h3>\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE ID<\/th>\nCVSS Score (v3.1 \/ v4.0)<\/th>\nAffected Products<\/th>\nAffected Versions<\/th>\nFixes Introduced In<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-59481\u200b<\/td>\n6.5 (standard) \/ 8.7 (appliance) \/ 8.5<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-61958\u200b<\/td>\n6.5 (standard) \/ 8.7 (appliance) \/ 8.5<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.1, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-47148\u200b<\/td>\n6.5 \/ 7.1<\/td>\nBIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG<\/td>\n17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-47150\u200b<\/td>\n6.5 \/ 7.1<\/td>\nF5OS-A, F5OS-C<\/td>\nF5OS-A: 1.8.0-1.8.1^3, 1.5.1-1.5.2; F5OS-C: 1.6.0-1.6.2^3, 1.8.0<\/td>\nF5OS-A: 1.8.3, 1.5.3; F5OS-C: 1.6.4<\/td>\n<\/tr>\n
CVE-2025-55670\u200b<\/td>\n6.5 \/ 7.1<\/td>\nBIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nNext SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0<\/td>\nNext SPK: None; Next CNF: None; Next K8s: 2.1.0<\/td>\n<\/tr>\n
CVE-2025-54805\u200b<\/td>\n6.5 \/ 6.0<\/td>\nBIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes<\/td>\nNext SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0<\/td>\nNext SPK: 2.0.0; Next CNF: 2.0.0; Next K8s: 2.1.0<\/td>\n<\/tr>\n
CVE-2025-59269\u200b<\/td>\n6.1 \/ 8.4<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-58153\u200b<\/td>\n5.9 \/ 8.2<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-60015\u200b<\/td>\n5.7 \/ 6.9<\/td>\nF5OS-A, F5OS-C<\/td>\nF5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3<\/td>\nF5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4<\/td>\n<\/tr>\n
CVE-2025-59483\u200b<\/td>\n6.5 \/ 8.5<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-60013\u200b<\/td>\n5.7 \/ 4.6<\/td>\nF5OS-A<\/td>\n1.8.0^3, 1.5.1-1.5.3<\/td>\n1.8.3, 1.5.4<\/td>\n<\/tr>\n
CVE-2025-59268\u200b<\/td>\n5.3 \/ 6.9<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-58474 \u200b<\/td>\n5.3 \/ 6.9<\/td>\nBIG-IP Advanced WAF\/ASM, NGINX App Protect WAF<\/td>\nBIG-IP: 17.1.0-17.1.1; NGINX: 4.5.0-4.6.0<\/td>\nBIG-IP: 17.1.2; NGINX: 4.7.0<\/td>\n<\/tr>\n
CVE-2025-61933 \u200b<\/td>\n6.1 \/ 5.1<\/td>\nBIG-IP APM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-54755 \u200b<\/td>\n4.9 \/ 6.9<\/td>\nBIG-IP (all modules)<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8<\/td>\n<\/tr>\n
CVE-2025-53860 \u200b<\/td>\n4.1 \/ 5.6<\/td>\nF5OS-A<\/td>\n1.8.0^3, 1.5.1-1.5.2<\/td>\n1.8.3, 1.5.3<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Low Severity Vulnerabilities<\/strong><\/h3>\n
\n\n\n\n\n\n
CVE ID<\/th>\nCVSS Score (v3.1 \/ v4.0)<\/th>\nAffected Products<\/th>\nAffected Versions<\/th>\nFixes Introduced In<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-58424 \u200b<\/td>\n3.7 \/ 6.3<\/td>\nBIG-IP (all modules), F5 Silverline (all services)<\/td>\nBIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Silverline: N\/A<\/td>\nBIG-IP: 17.1.2.2^3, 16.1.6^3, 15.1.10.8^3; Silverline: N\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Security Exposures<\/strong><\/h3>\n
\n\n\n\n\n\n
Exposure ID<\/th>\nAffected Products<\/th>\nAffected Versions<\/th>\nFixes Introduced In<\/th>\n<\/tr>\n<\/thead>\n
K000150010: BIG-IP AFM security exposure \u200b<\/td>\nBIG-IP AFM<\/td>\n17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10<\/td>\n17.5.1.1, 17.1.3<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

BIG-IP Next for Kubernetes receives targeted hotfixes, like 2.1.0 EHF-14, to mitigate TMM and SSL\/TLS weaknesses. Security exposures in BIG-IP AFM are also resolved, emphasizing the need for swift upgrades across all supported versions.<\/p>\n

F5 stresses that while no active exploitation of undisclosed flaws is known, updating is essential to prevent lateral movement and data exfiltration in customer networks.<\/p>\n

Customers should prioritize applying these updates, enabling event streaming to SIEM tools, and isolating management interfaces from public access. <\/p>\n

Decommissioning end-of-life products further reduces exposure. F5\u2019s transparency underscores the evolving nation-state threats, where stolen code could fuel sophisticated attacks on critical infrastructure.<\/p>\n

By patching promptly, organizations can maintain robust defenses against this and future incidents. For full details, refer to F5\u2019s official notification.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post F5 Released Security Updates Covering Multiple Products Following Recent Hack<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Guru Baran
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

F5 Released Security Updates Covering Multiple Products Following Recent Hack F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-7742","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7742"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7742"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7742\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}