Severity
High
Analysis Summary
CVE-2025-53856 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by incorrect control flow scoping.
CVE-2025-58120 CVSS:7.5
F5 BIG-IP Next is vulnerable to a denial of service, caused by a NULL pointer dereference flaw.
CVE-2025-59778 CVSS:7.5
F5 F5OS-C is vulnerable to a denial of service, caused by VELOS partition container network vulnerability.
CVE-2025-60013 CVSS:5.7
F5 F5OS-A could allow a local authenticated attacker to execute arbitrary OS commands on the system, caused by a FIPS HSM password vulnerability.
CVE-2025-53521 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by allocation of resources without limits or throttling.
CVE-2025-61960 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
CVE-2025-53856
CVE-2025-58120
CVE-2025-59778
CVE-2025-60013
CVE-2025-53521
CVE-2025-61960
Affected Vendors
- F5
Affected Products
- F5 BIG-IP 15.1.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 17.1.0
- F5 BIG-IP Next CNF 1.1.0
- F5 BIG-IP 17.5.0
- F5 BIG-IP Next CNF 2.0.0
- F5 BIG-IP Next for Kubernetes 2.0.0
- F5 BIG-IP Next 2.0.0
- F5 BIG-IP Next 1.9.0
- F5 BIG-IP Next 1.8.0
- F5 BIG-IP Next 1.7.0
- F5 F5OS - Chassis 1.8.1
- F5 F5OS - Chassis 1.6.2
- F5 F5OS - Appliance 1.8.0
- F5 F5OS - Appliance 1.5.0
Remediation
Refer to F5 Networks Security Advisory for patch, upgrade, or suggested workaround information.