F5 Updates: Latest Security Advisory and CVEs


WorldTech IT is Your Trusted F5 Platinum Partner

Security Incident Overview

F5 disclosed a targeted nation-state intrusion in its internal product development and knowledge systems. There is no evidence of compromise to customer environments or active exploitation of undisclosed vulnerabilities. In response, F5 rotated credentials and strengthened access controls, automated patch and inventory management, enhanced network security, and hardened its development platforms with continuous monitoring. F5 also engaged CrowdStrike, Mandiant, NCC Group, and IOActive for independent validation and released updated software for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Full Advisory: F5 Security Incident (K000154696)

Hardware & Software Upgrades

As we review this quarter’s CVEs, keep in mind that all F5 hardware and software follow defined lifecycles, meaning support, software patches, and CVE updates will end soon, increasing operational and security risk:

Date Upgrade
Apr-25 Hardware: End of Technical Support (EoTS) / RMA (EoRMA); Legacy 2000s–10050s series, VIPRION B4300, Common Criteria LTM units
Jul-25 Software: End of Software Development (EoSD) & Support (EoTS); BIG-IP 16.1.x
Oct-25 (No lifecycle events scheduled)
Jan-26 Hardware: End of New SW Support (EoNSS) / End of Sale (EoS); iSeries (i850 → i11800), VIPRION 4480 / 4800 / B4450 / B4460
Jan-26 Software: End of Software Development (EoSD) & Support (EoTS); BIG-IP 15.1.x FIPS

If you’d like assistance scoping an upgrade or patching plan, request a quick consultation below.

CVE Insights

The highest-scoring vulnerabilities reported this quarter are rated 8.8 under CVSS v3.1 and 8.7 under CVSS v4.0. A variety of issues were disclosed that can impact most installations. The remaining CVEs are rated High, Medium, and Low.

Below is the link to the list and a count of CVEs: https://my.f5.com/manage/s/article/K000156572

Security Count
High CVEs 27
Medium CVEs 16
Low CVE 1
Security Exposures 1

If you would like to begin scheduling a code upgrade to eliminate these vulnerabilities or pursue the listed mitigation techniques, please reply to this email so we can design a solution that fits your needs.