Bypass Restrictions in Appliance Mode for F5 Networks Software
CVE-2025-53868

8.5HIGH

Key Information:

Vendor

F5
Status
Big-ip
Vendor
CVE Published:
15 October 2025

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2025-53868?

In Appliance mode, F5 Networks software has a vulnerability that allows a highly privileged authenticated attacker with access to SCP and SFTP to potentially bypass restrictions designed to protect the system. This vulnerability arises from the use of undisclosed commands that can exploit weaknesses in the Appliance mode configuration. Users with Software versions that have reached End of Technical Support (EoTS) will not receive evaluations for this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP 17.5.0 < 17.5.1

BIG-IP 17.1.0 < 17.1.3

BIG-IP 16.1.0 < 16.1.6.1

News Articles

favicon imageUnit 42

Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities

A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.

References

https://my.f5.com/manage/s/article/K000151902
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by Unit 42

  • Vulnerability published

  • Vulnerability Reserved

Credit

F5
JSON
.