Severity
Medium
Analysis Summary
CVE-2025-54755 CVSS:4.9
F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information, caused by a directory traversal vulnerability in TMUI.
CVE-2025-60015 CVSS:5.7
F5 F5OS is vulnerable to a denial of service, caused by an out-of-bounds write vulnerability.
CVE-2025-61990 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a double free flaw.
CVE-2025-53860 CVSS:4.1
F5 F5OS-A could allow a local authenticated attacker to obtain sensitive information, caused by a FIPS HSM vulnerability.
CVE-2025-47150 CVSS:6.5
F5 F5OS-A and F5OS-C are vulnerable to a denial of service, caused by an increase in SNMP memory resource utilization due to a flaw when SNMP is configured.
CVE-2025-54854 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by an out-of-bounds read flaw.
CVE-2025-54858 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by an uncontrolled recursion flaw.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-54755
CVE-2025-60015
CVE-2025-61990
CVE-2025-53860
CVE-2025-47150
CVE-2025-54854
CVE-2025-54858
Affected Vendors
- F5
Affected Products
- F5 BIG-IP 15.1.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 17.1.0
- F5 BIG-IP Next CNF 1.1.0
- F5 BIG-IP Next SPK 1.8.0
- F5 BIG-IP 17.5.0
- F5 BIG-IP Next CNF 2.0.0
- F5 BIG-IP Next SPK 2.0.0
- F5 BIG-IP Next for Kubernetes 2.0.0
- F5 F5OS - Chassis 1.8.1
- F5 F5OS - Chassis 1.6.2
- F5 F5OS - Appliance 1.8.0
- F5 F5OS - Appliance 1.5.0
- F5 F5OS - Appliance 1.5.3
- F5 BIG-IP Next SPK 1.9.0
- F5 F5OS-A - 1.5.1 - 1.5.2 - 1.8.0 - 1.8.1
- F5 F5OS-C - 1.6.0 - 1.6.2
Remediation
Refer to F5 Security Advisory for patch, upgrade, or suggested workaround information.