- 28/2025
- High
F5 has released security updates to address several vulnerabilities across multiple F5 products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary codes and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. BIG-IP iControl REST and BIG-IP TMOS Shell (tmsh) Vulnerability (CVE-2025- 20029):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. BIG-IP iControl REST Security Bypass Vulnerability (CVE-2025-23239):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
3. BIG-IP Configuration Utility Vulnerability (CVE-2025-24320):
- CVSS: 8.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2025-23419
- CVE-2025-24319
- CVE-2025-24312
- CVE-2025-22846
- CVE-2025-23239
- CVE-2025-20029
- CVE-2025-21087
- CVE-2025-23415
- CVE-2025-20045
- CVE-2025-21091
- CVE-2025-23412
- CVE-2025-24326
- CVE-2025-23413
- CVE-2025-20058
- CVE-2025-24497
- CVE-2025-22891
- CVE-2025-24320
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.