Network and cloud management: Attackers can paralyze F5 BIG-IP appliances
Important security updates have been released for F5 BIG-IP Next and NGINX, among others. Attackers can disrupt services via DoS attacks.
To protect cloud and network environments that rely on F5 BIG-IP appliances, admins should install the recently released security updates promptly. Otherwise, attackers can exploit several vulnerabilities to attack instances.
Multiple vulnerabilities
In the security section of its website, F5 lists further information on its quarterly security updates. Specifically affected are BIG-IP APM (security updates 16.1.6, 17.1.2.2), BIG-IP Client SSL (security updates 16.1.6, 17.1.2.2), BIG-IP APM VPN Browser Client for macOS (security patch 7.2.5.3), and F5 Access for Android (security update 3.1.2).
All of the patched vulnerabilities are rated "high". For example, a bug in the HTTP/2 implementation (CVE-2025-54500) lets attackers mount a DoS attack. Attacks are said to be possible remotely and without authentication.
On macOS, local attackers can bypass security mechanisms and gain higher user rights (CVE-2025-48500). Although there are currently no reports of ongoing attacks, admins should not wait too long to patch. After a successful attack, attackers could gain access to companies' cloud infrastructures and cause damage there.
(des)