F5 Product Security Update Advisory

Nov 11 2025

Overview

We have released security updates to fix vulnerabilities in F5 products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-60016

BIG-IP (all modules) Version: 17.1.0 or later and 17.1.1 or earlier
BIG-IP Next SPK Version: 1.7.0 or later and 1.9.2 or earlier
BIG-IP Next CNF version: 1.1.0 or later and 1.3.3 or earlier

CVE-2025-48008

BIG-IP (all modules) Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.5 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier
BIG-IP Next SPK version: 1.7.0 or later and 1.9.2 or earlier
BIG-IP Next CNF version: 1.1.0 or later and 1.4.1 or earlier

CVE-2025-59781

BIG-IP (all modules) version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.5 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier
BIG-IP Next CNF version: 1.1.0 or later and 1.4.0 or earlier

CVE-2025-41430

BIG-IP SSL Orchestrator Version: 17.5.0
BIG-IP SSL Orchestrator Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP SSL Orchestrator version: 16.1.0 or later and 16.1.3 or earlier
BIG-IP SSL Orchestrator version: 15.1.0 or later and 15.1.9 or earlier

CVE-2025-55669

BIG-IP ASM version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP ASM version: 16.1.0 or later and 16.1.5 or earlier

CVE-2025-61951

BIG-IP (all modules) version: 17.5.0
BIG-IP (all modules) Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier

CVE-2025-55036

BIG-IP SSL Orchestrator Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP SSL Orchestrator version: 16.1.0 or later and 16.1.5 or earlier
BIG-IP SSL Orchestrator version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-54479

BIG-IP PEM Version: 17.5.0
BIG-IP PEM Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP PEM version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP PEM version: 15.1.0 or later and 15.1.10 or earlier
BIG-IP Next CNF version: 2.0.0 or later and 2.1.0 or later
BIG-IP Next CNF version: 1.1.0 or later and 1.4.0 or earlier
BIG-IP Next for Kubernetes version: 2.0.0 or later and 2.1.0 or earlier

CVE-2025-46706

BIG-IP (all modules) Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.5 or earlier
BIG-IP Next SPK version: 1.7.0 or later and 1.9.2 or later
BIG-IP Next CNF version: 1.1.0 or later and 1.4.1 or earlier

CVE-2025-59478

BIG-IP AFM Version: 17.5.0
BIG-IP AFM Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP AFM version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-61938

BIG-IP Advanced WAF/ASM Version: 17.5.0
BIG-IP Advanced WAF/ASM version: 17.1.0 or later and 17.1.2 or earlier

CVE-2025-54858

BIG-IP Advanced WAF/ASM Version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP Advanced WAF/ASM version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP Advanced WAF/ASM version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP Advanced WAF/ASM version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-58120

BIG-IP Next SPK version: 2.0.0
BIG-IP Next SPK Version: 1.7.0 or later and 1.7.14 or earlier
BIG-IP Next CNF version: 2.0.0
BIG-IP Next CNF version: 1.1.0 or later and 1.4.1 or earlier
BIG-IP Next for Kubernetes version: 2.0.0

CVE-2025-53856

BIG-IP (all modules) Version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP (all modules) Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-61974

BIG-IP (all modules) version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP (all modules) version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier
BIG-IP Next SPK version: 2.0.0 or later 2.0.2 or later
BIG-IP Next SPK version: 1.7.0 or later and 1.9.2 or earlier
BIG-IP Next CNF version: 2.0.0 or later and 2.1.0 or later
BIG-IP Next CNF version: 1.1.0 or later and 1.4.1 or earlier
BIG-IP Next for Kubernetes version: 2.0.0 or later and 2.1.0 or earlier

CVE-2025-58071

BIG-IP (all modules) Version: 17.5.0
BIG-IP (all modules) Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier
BIG-IP Next CNF version: 2.0.0 or later and 2.1.0 or later
BIG-IP Next CNF version: 1.1.0 or later and 1.4.1 or earlier
BIG-IP Next for Kubernetes version: 2.0.0 or later and 2.1.0 or earlier

CVE-2025-53521

BIG-IP APM Version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP APM version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP APM version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP APM version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-61960

BIG-IP APM version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP APM version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP APM version: 16.1.0 or later and 16.1.6 or earlier

CVE-2025-54854

BIG-IP APM version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP APM version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP APM version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP APM version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-53474

CVE-2025-61990

CVE-2025-58096

BIG-IP (all modules) Version: 17.5.0 or later and 17.5.1 or earlier
BIG-IP (all modules) version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-61935

BIG-IP Advanced WAF/ASM Version: 17.5.0
BIG-IP Advanced WAF/ASM Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP Advanced WAF/ASM Version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-59778

F5OS-C Version: 1.8.0 or later and 1.8.1 or earlier
F5OS-C Version: 1.6.0 or later and 1.6.2 or earlier

CVE-2025-59481

CVE-2025-61958

CVE-2025-47148

BIG-IP APM / SSL Orchestrator, etc. Version: 17.5.0
BIG-IP APM / SSL Orchestrator, etc. Version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP APM / SSL Orchestrator, etc. version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP APM / SSL Orchestrator, etc. version: 15.1.0 or later 15.1.10 or earlier

CVE-2025-47150

F5OS-A Version: 1.8.0 or later and 1.8.1 or earlier
F5OS-A Version: 1.5.1 or later and 1.5.2 or earlier
F5OS-C Versions: 1.6.0 or later and 1.6.2 or earlier
F5OS-C Versions: 1.8.0 and later

CVE-2025-55670

BIG-IP Next SPK Version: 1.7.0 or later and 1.9.2 or earlier
BIG-IP Next CNF Version: 1.1.0 or later and 1.4.1 or earlier
BIG-IP Next for Kubernetes version: 2.0.0

CVE-2025-54805

BIG-IP Next SPK Version: 1.7.0 or later and 1.9.2 or earlier
BIG-IP Next CNF Version: 1.1.0 or later and 1.4.1 or earlier
BIG-IP Next for Kubernetes version: 2.0.0

CVE-2025-59269

BIG-IP (all modules) Version: 17.5.0
BIG-IP (all modules) version: 17.1.0 or later and 17.1.2 or earlier
BIG-IP (all modules) version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-58153

BIG-IP (all modules) Version: 17.5.0
BIG-IP (all modules) Version: 16.1.0 or later and 16.1.6 or earlier
BIG-IP (all modules) version: 15.1.0 or later and 15.1.10 or earlier

CVE-2025-60015

F5OS-A Version: 1.8.0
F5OS-A Version: 1.5.1 or later and 1.5.3 or earlier
F5OS-C Versions: 1.8.0 or later and 1.8.1 or earlier
F5OS-C Versions: 1.6.0 or later and 1.6.2 or earlier

CVE-2025-59483

CVE-2025-60013

F5OS-A Version: 1.8.0
F5OS-A Version: 1.5.1 or later and 1.5.3 or earlier

CVE-2025-59268

CVE-2025-58474

BIG-IP Advanced WAF/ASM version: 17.1.0 or later and 17.1.1 or earlier
NGINX App Protect WAF Version: 4.5.0 or later and 4.6.0 or earlier

CVE-2025-61933

CVE-2025-54755

CVE-2025-53860

F5OS-A Version: 1.8.0
F5OS-A Version: 1.5.1 or later and 1.5.2 or earlier

CVE-2025-58424

Resolved Vulnerabilities

SSL/TLS Vulnerability in BIG-IP (CVE-2025-60016)
Denial of Service Vulnerability in BIG-IP MPTCP (CVE-2025-48008)
DNS Cache Vulnerability in BIG-IP (CVE-2025-59781)
Denial of Service Vulnerability due to TMM Termination in BIG-IP SSL Orchestrator (CVE-2025-41430)
Denial of Service Vulnerability due to TMM Termination in BIG-IP Advanced WAF/ASM (CVE-2025-55669)
Denial of Service Vulnerability in BIG-IP DTLS 1.2 (CVE-2025-61951)
Memory corruption vulnerability in BIG-IP SSL Orchestrator (CVE-2025-55036)
Denial of Service Vulnerability in BIG-IP PEM (CVE-2025-54479)
Memory Overuse Vulnerability in BIG-IP iRules (CVE-2025-46706)
Denial of Service Vulnerability in BIG-IP AFM (CVE-2025-59478)
Bd Process Termination Vulnerability in BIG-IP Advanced WAF/ASM (CVE-2025-61938, CVE-2025-54858, CVE-2025-61935)
TMM termination vulnerability due to IPsec configuration in BIG-IP (CVE-2025-58071)
Denial of Service Vulnerability due to TMM shutdown in BIG-IP APM (CVE-2025-53521, CVE-2025-61960)
Apmd process termination vulnerability in BIG-IP APM (CVE-2025-54854)
Denial of Service Vulnerability due to TMM Termination in BIG-IP iRules (CVE-2025-53474)
Denial of Service Vulnerability due to TMM Termination in BIG-IP (CVE-2025-61990, CVE-2025-58096)
BASH Shell Access Vulnerability in BIG-IP (CVE-2025-61958)
Memory Overuse Vulnerability in BIG-IP SAML SP/IdP (SLO) (CVE-2025-47148)
Memory Overuse Vulnerability in F5OS-A/F5OS-C (CVE-2025-47150)
TMM Termination Vulnerability in BIG-IP Next (CNF/SPK/Kubernetes) (CVE-2025-55670)
TMM Memory Overuse Vulnerability in BIG-IP (CVE-2025-54805)
Stored XSS Vulnerability in BIG-IP (CVE-2025-59269)
HSB Lock Vulnerability in BIG-IP HSBs (CVE-2025-58153)
Memory corruption vulnerability in F5OS-A/F5OS-C (CVE-2025-60015)
URL validation vulnerability in BIG-IP (CVE-2025-59483)
FIPS HSM Initialization Failure Vulnerability in F5OS-A (CVE-2025-60013)
Static Endpoint Exposure Vulnerability in BIG-IP (CVE-2025-59268)
Client Request Abort Vulnerability in BIG-IP Advanced WAF (CVE-2025-58474)
Reflected XSS Vulnerability in BIG-IP APM (CVE-2025-61933)
Path Traversal Vulnerability in BIG-IP TMUI (CVE-2025-54755)
FIPS HSM Information Disclosure Vulnerability in F5OS-A (CVE-2025-53860)
TCP Blind Injection Vulnerability in BIG-IP (CVE-2025-58424)

Vulnerability Patches

vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-60016

BIG-IP (all modules) Version: 17.1.2
BIG-IP Next SPK Version: 2.0.0
BIG-IP Next CNF Version: 2.0.0
BIG-IP Next CNF version: 1.4.0

CVE-2025-48008

BIG-IP (all modules) Version: 17.1.2.2
BIG-IP (all modules) version: 16.1.6
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-59781

BIG-IP (all modules) Version: 17.1.2.2
BIG-IP (all modules) Version: 16.1.6
BIG-IP (all modules) version: 15.1.10.8
BIG-IP Next CNF Version: 1.4.0 EHF-3

CVE-2025-41430

BIG-IP SSL Orchestrator Version: 17.5.1
BIG-IP SSL Orchestrator Version: 17.1.3
BIG-IP SSL Orchestrator Version: 16.1.4

CVE-2025-55669

BIG-IP ASM Version: 17.1.2.2
BIG-IP ASM Version: 16.1.6

CVE-2025-61951

BIG-IP (all modules) version: 17.5.1
BIG-IP (all modules) Version: 17.1.3
BIG-IP (all modules) version: 16.1.6.1

CVE-2025-55036

BIG-IP SSL Orchestrator Version: 17.1.3
BIG-IP SSL Orchestrator Version: 16.1.6
BIG-IP SSL Orchestrator Version: 15.1.10.8

CVE-2025-54479

BIG-IP PEM Version: 17.5.1
BIG-IP PEM Version: 17.1.3
BIG-IP PEM version: 16.1.6.1
BIG-IP PEM version: 15.1.10.8
BIG-IP Next CNF version: 2.1.0 EHF-1
BIG-IP Next CNF version: 2.0.2 EHF-2
BIG-IP Next CNF version: 2.0.0 EHF-2
BIG-IP Next CNF version: 1.4.0 EHF-3
BIG-IP Next for Kubernetes version: 2.1.0 EHF-2

CVE-2025-46706

BIG-IP (all modules) Version: 17.1.2.2
BIG-IP (all modules) version: 16.1.6
BIG-IP Next SPK version: 2.0.0
BIG-IP Next SPK Version: 1.7.14 EHF-2
BIG-IP Next CNF version: 2.0.0
BIG-IP Next CNF version: 1.4.0 EHF-3

CVE-2025-59478

BIG-IP AFM Version: 17.5.1
BIG-IP AFM Version: 17.1.3
BIG-IP AFM version: 15.1.10.8

CVE-2025-61938

BIG-IP Advanced WAF/ASM Version: 17.5.1
BIG-IP Advanced WAF/ASM Version: 17.1.3

CVE-2025-54858

BIG-IP Advanced WAF/ASM Version: 17.5.1.3
BIG-IP Advanced WAF/ASM Version: 17.1.3
BIG-IP Advanced WAF/ASM Version: 16.1.6.1
BIG-IP Advanced WAF/ASM version: 15.1.10.8

CVE-2025-58120

BIG-IP Next SPK version: 2.0.1
BIG-IP Next SPK Version: 1.7.14 EHF-2
BIG-IP Next CNF version: 2.0.1
BIG-IP Next for Kubernetes version: 2.1.0

CVE-2025-53856

BIG-IP (all modules) Version: 17.5.1.3
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-61974

BIG-IP (all modules) Version: 17.5.1.3
BIG-IP (all modules) Version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8
BIG-IP Next SPK version: 2.1.0 EHF-1
BIG-IP Next SPK version: 2.0.2 EHF-2
BIG-IP Next SPK version: 2.0.0 EHF-2
BIG-IP Next SPK version: 1.7.14 EHF-2
BIG-IP Next CNF version: 2.1.0 EHF-1
BIG-IP Next CNF version: 2.0.2 EHF-2
BIG-IP Next CNF version: 2.0.0 EHF-2
BIG-IP Next CNF version: 1.4.0 EHF-3
BIG-IP Next for Kubernetes version: 2.1.0 EHF-1

CVE-2025-58071

BIG-IP (all modules) Version: 17.5.1
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8
BIG-IP Next CNF version: 2.1.0 EHF-1
BIG-IP Next CNF version: 2.0.2 EHF-2
BIG-IP Next CNF version: 2.0.0 EHF-2
BIG-IP Next CNF version: 1.4.0 EHF-3
BIG-IP Next for Kubernetes version: 2.1.0 EHF-1

CVE-2025-53521

BIG-IP APM Version: 17.5.1.3
BIG-IP APM version: 17.1.3
BIG-IP APM version: 16.1.6.1
BIG-IP APM version: 15.1.10.8

CVE-2025-61960

BIG-IP APM Version: 17.5.1.3
BIG-IP APM version: 17.1.3
BIG-IP APM version: 16.1.6.1

CVE-2025-54854

BIG-IP APM Version: 17.5.1.3
BIG-IP APM Version: 17.1.3
BIG-IP APM version: 16.1.6.1
BIG-IP APM version: 15.1.10.8

CVE-2025-53474

BIG-IP APM Version: 17.5.1.3
BIG-IP APM version: 17.1.3
BIG-IP APM version: 16.1.6.1
BIG-IP APM version: 15.1.10.8

CVE-2025-61990

BIG-IP (all modules) version: 17.5.1.3
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8
BIG-IP Next SPK version: 2.1.0 EHF-1
BIG-IP Next SPK version: 2.0.2 EHF-2
BIG-IP Next SPK version: 2.0.0 EHF-2
BIG-IP Next SPK version: 1.7.15 EHF-2
BIG-IP Next CNF version: 2.1.0 EHF-1
BIG-IP Next CNF version: 2.0.2 EHF-2
BIG-IP Next CNF version: 2.0.0 EHF-2
BIG-IP Next CNF version: 1.4.0 EHF-3
BIG-IP Next for Kubernetes version: 2.1.0 EHF-1

CVE-2025-58096

BIG-IP (all modules) Version: 17.5.1.3
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-61935

BIG-IP Advanced WAF/ASM Version: 17.5.1
BIG-IP Advanced WAF/ASM Version: 17.1.3
BIG-IP Advanced WAF/ASM Version: 15.1.10.8

CVE-2025-59778

F5OS-C Version: 1.8.2
F5OS-C Version: 1.6.4

CVE-2025-59481

BIG-IP (all modules) Version: 17.5.1.3
BIG-IP (all modules) Version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-61958

BIG-IP (all modules) Version: 17.5.1.1
BIG-IP (all modules) Version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-47148

BIG-IP APM / SSL Orchestrator, etc. Version: 17.5.1
BIG-IP APM / SSL Orchestrator, etc. Version: 17.1.3
BIG-IP APM / SSL Orchestrator, etc. version: 16.1.6.1
BIG-IP APM / SSL Orchestrator, etc. version: 15.1.10.8

CVE-2025-47150

F5OS-A Version: 1.8.3
F5OS-A Version: 1.5.3
F5OS-C Version: 1.8.0
F5OS-C Version: 1.6.4

CVE-2025-55670

BIG-IP Next for Kubernetes version: 2.1.0

CVE-2025-54805

BIG-IP Next SPK Version: 2.0.0
BIG-IP Next CNF Version: 2.0.0
BIG-IP Next for Kubernetes version: 2.1.0

CVE-2025-59269

BIG-IP (all modules) Version: 17.5.1
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-58153

BIG-IP (all modules) Version: 17.5.1
BIG-IP (all modules) Version: 17.1.0
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-60015

F5OS-A Version: 1.8.3
F5OS-A Version: 1.5.4
F5OS-C Version: 1.8.2
F5OS-C Version: 1.6.4

CVE-2025-59483

BIG-IP (all modules) Version: 17.5.1.3
BIG-IP (all modules) Version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-60013

F5OS-A Version: 1.8.3
F5OS-A Version: 1.5.4

CVE-2025-59268

BIG-IP (all modules) version: 17.5.1.3
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-58474

BIG-IP Advanced WAF/ASM Version: 17.1.2
NGINX App Protect WAF Version: 4.7.0

CVE-2025-61933

BIG-IP APM Version: 17.5.1.3
BIG-IP APM Version: 17.1.3
BIG-IP APM version: 16.1.6.1
BIG-IP APM version: 15.1.10.8

CVE-2025-54755

BIG-IP (all modules) version: 17.5.1.3
BIG-IP (all modules) version: 17.1.3
BIG-IP (all modules) Version: 16.1.6.1
BIG-IP (all modules) version: 15.1.10.8

CVE-2025-53860

F5OS-A Version: 1.8.3
F5OS-A Version: 1.5.3

CVE-2025-58424

BIG-IP (all modules) Version: 17.1.2.2
BIG-IP (all modules) Version: 16.1.6
BIG-IP (all modules) version: 15.1.10.8

References

[1] K000156572: Quarterly Security Notification (October 2025)
https://my.f5.com/manage/s/article/K000156572

F5 Product Security Update Advisory

Microsoft Edge browser (142.0.3595.65) version security update advisory

SAP Product Security Update Advisory

Tags:

Microsoft Edge browser (142.0.3595.65) version security update advisory

SAP Product Security Update Advisory