Bypass Restrictions in Appliance Mode for F5 Networks Software
CVE-2025-53868

8.5HIGH

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 15 October 2025

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-53868?

In Appliance mode, F5 Networks software has a vulnerability that allows a highly privileged authenticated attacker with access to SCP and SFTP to potentially bypass restrictions designed to protect the system. This vulnerability arises from the use of undisclosed commands that can exploit weaknesses in the Appliance mode configuration. Users with Software versions that have reached End of Technical Support (EoTS) will not receive evaluations for this vulnerability.

Affected Version(s)

BIG-IP 17.5.0 < 17.5.1

BIG-IP 17.1.0 < 17.1.3

BIG-IP 16.1.0 < 16.1.6.1

News Articles

Unit 42

CVE-2025-53868 CVE-2025-61955

Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities

A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.

References

https://my.f5.com/manage/s/article/K000151902

vendor-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Oct 16, 2025
👾
Exploit known to exist
Oct 16, 2025
📰
First article discovered by Unit 42
Oct 16, 2025
Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 3, 2025

Credit

JSON