Quarterly security updates: F5 equips BIG-IP appliances against possible attacks
The F5 developers have closed several security vulnerabilities in BIG-IP Next and BIG-IQ, among others. Malicious code may be executed.
Network admins with BIG-IP appliances should study the additional information on the quarterly security updates from F5. The developers have closed various software vulnerabilities that attackers can use to cause devices to crash, for example.
DoS and malicious code attacks
In an article on the collective update, the network equipment vendor lists the affected products and the respective security updates. A complete list is beyond the scope of this report. For example, the iControl REST component (CVE-2025-20029 “high”) of BIG-IP (all modules) is vulnerable.
Here, a remote authenticated attacker can use a crafted request to execute their own commands at system level. Creating and deleting files is also conceivable.
If the routing profile of BIG-IP is configured on a virtual server, the processing of data traffic can lead to an excessive amount of memory being used (CVE-2025-20058 “high”). This often ends in a DoS state, which leads to crashes. In the worst case, appliances then stop processing traffic and network problems occur.
Even if there are currently no signs of attacks, administrators should install the security updates promptly to protect company networks against possible attacks.
(des)