Security vulnerabilities: F5 BIG-IP appliances are vulnerable in several places
Attackers can exploit various vulnerabilities in different BIG-IP appliances from F5. Security updates are available for download.
- Dennis Schirrmacher
BIG-IP Next Central Manager and Next SPK, among others, are affected by several security vulnerabilities. The appliance operating systems F5OS-A and F5OS-C are also vulnerable. F5 is now offering security patches, which admins should install promptly. So far there have been no reports of attacks.
In an overview, F5 lists the affected products as well as the respective secured versions. Admins should take a close look at this list in order to find and install the security patches relevant to them.
More rights for attackers
The manufacturer considers a vulnerability (CVE-2025-36546 / EUVD-2025-13944, CVSS 8.1, risk "high") in F5OS-A and F5OS-C to be the most dangerous. However, appliances are only vulnerable if admins allow authentication via SSH and have subsequently activated appliance mode. The security problem is that logging in via an SSH key is then still possible.
However, an attacker must first obtain the SSH key of a root user to do this. Despite these requirements and hurdles, the vulnerability is classified as "critical". The developers state that they have closed the vulnerability in F5OS-A 1.5.3 and 1.8.0 and F5OS-C 1.8.0. The same versions also fix other vulnerabilities; one of them, for example, allows attackers to gain elevated user privileges (CVE-2025-46265 / EUVD-2025-13942, CVSS 8.8, "high").
Further dangers
Furthermore, various BIG-IP appliances such as Next CNF and Next SPK, as well as modules, are also at risk. DoS attacks (CVE-2025-41399 / EUVD-2025-13946, CVSS 7.5, "high") are possible here. Attackers can also execute commands (CVE-2025-31644 / EUVD-2025-13936, CVSS 8.7, "high") in order to manipulate systems.
(des)