Skip to content

F5 Updates: End of Life, CVEs, & Latest Security Advisory

WorldTech IT is Your Trusted F5 Platinum Partner

Updated on 11/18/25

Hardware & Software End of Life

Summary: iSeries & Viprion 2k hardware are losing support, unable to handle current security and compliance needs, putting systems at risk. Lengthy order times and migration processes can take 3 - 6 months, so getting started now increases your operational security risks. 

 



End of Life ScheduleF5 Network's End of Life Schedule

Hardware & Software End of Life Dates:
Continuing to run your environment on unsupported hardware limits how you secure, scale, and modernize your applications. To help you plan confidently, we have created a clear breakdown of the lifecycle milestones and your options moving forward.

Date Upgrade
Apr-25 Hardware
End of Technical Support (EoTS) / RMA (EoRMA)
Legacy 2000s–10050s series, VIPRION B4300, Common Criteria LTM units
Jul-25
Software
End of Software Development (EoSD) & Support (EoTS)
BIG-IP 16.1.x
Oct-25 (No lifecycle events scheduled)
Jan-26
Hardware
End of New SW Support (EoNSS) / End of Sale (EoS)
iSeries (i850 → i11800), VIPRION 4480 / 4800 / B4450 / B4460
Jan-26
Software
End of Software Development (EoSD) & Support (EoTS)
BIG-IP 15.1.x FIPS

What it means for you:

  • Surprise CapEx at any time moving forward.

  • "Right-sized" boxes today will underperform in 2 to 4 years.

  • Unpatched systems leading to downtime.

  • App outages, slowdowns, or failed audits.

  • Extended Support Phase is very expensive ($$$).

iSeries:

  • Legacy platform nearing support sunset and must refresh to avoid risk!
  • i5820-DF, i7820-DF, i15600, i15800, and i15820-DF are excluded; all other models are open for refresh.
  • Past EoNSS (Dec. 31, 2025) no platform validation on new software.
  • Past EoSS (Dec. 31, 2026) no F5 fixes period. 
  • Extended Support is fee-based, feature-limited, and very expensive ($$$).
  • Replace with rSeries/VELOS sized to workload.
iSeries

Viprion:

  • The 2k Series chassis platform also hits EoNSS (Dec. 31, 2025) and EoSS (Dec. 31, 2026).
  • All blades/chassis are eligible for refresh - none are "protected."
  • Limited SSL/TLS performance and high power/cooling overhead.
  • Replace with rSeries for most, VELOS for large 4-slot+ sites.
  • Waiting amplifies compliance and performance gaps.
Viprions

How WorldTech IT Can Help

  • Elite F5 Expertise: F5 Platinum and GUARDIAN Professional Services Partner with senior engineers who specialize exclusively in F5 upgrades, migrations, and lifecycle transitions.
  • Proven Zero Downtime Upgrade Framework: A repeatable, battle-tested upgrade methodology that includes full dependency checks, compatibility validation, and structured rollback planning.
  • Reduce Risk and Strengthen Security: Avoid outages, configuration breakage, and security exposure from unsupported software. WTIT identifies and resolves issues before cutover.
  • Offload Resource Heavy Work: Free your internal teams by letting WTIT handle planning, staging, testing, and execution which accelerates timelines and reduces workload.
  • Unlock Modern Performance and Capabilities: Upgrade to supported platforms (R-Series, VELOS, modern TMOS versions) for better speed, security, reliability, and cloud-ready functionality.
  • Clear Predictable Scoping and White Glove Support: Start with a free scoping call and receive transparent project plans, milestone based pricing, and direct access to F5 certified experts.

CVE Insights

The highest vulnerabilities reported this quarter score CVSS v3.1 8.8 and CVSS v4.0 8.7. There are a variety of issues disclosed which can impact most installations. The remaining CVEs are of a High, Medium, and Low nature.

Below is the link to the list and a count of CVEs: https://my.f5.com/manage/s/article/K000156572

Security Count
High CVEs 27
Medium CVE 16
Low CVE 1
Security Exposures 1

If you would like to begin scheduling a code upgrade to eliminate these vulnerabilities or pursue the listed mitigation techniques, please reply to this email so we can design a solution that fits your needs.

Security Incident Overview

F5 disclosed a targeted nation-state intrusion in its internal product development and knowledge systems. There is no evidence of compromise to customer environments or active exploitation of undisclosed vulnerabilities. In response, F5 rotated credentials and strengthened access controls, automated patch and inventory management, enhanced network security, and hardened its development platforms with continuous monitoring. F5 also engaged CrowdStrike, Mandiant, NCC Group, and IOActive for independent validation and released updated software for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Full Advisory: F5 Security Incident (K000154696)