F5 BIG-IP and related products October 2025 security updates (44 vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
F5 released October 2025 security updates for BIG-IP and related products, patching 44 vulnerabilities and urging customers to update immediately. The bundle includes flaws stolen in a breach detected on August 9, 2025, but F5 says it has no evidence of active exploitation of the undisclosed issues. The update set covers F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.
Related Happenings
Ubiquiti UniFi OS security updates (multiple vulnerabilities)
Security Patch Release
H score28
First: 22.05.2026 15:00
Last: 22.05.2026 15:00
Sources 1
About this happening:
**Ubiquiti** released **security updates** for **UniFi OS** to close **five vulnerabilities**, including **three maximum-severity flaws** that could let **remote attackers without...
Ubiquiti UniFi OS security updates (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Ubiquiti** released **security updates** for **UniFi OS** to close **five vulnerabilities**, including **three maximum-severity flaws** that could let **remote attackers without...
Latest development: 24.06.2026 15:32
CISA warned that threat actors were targeting CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 in Ubiquiti UniFi OS devices after the flaws were patched in UniFi OS Server 5.0.8, and multiple users reported that the bugs were exploited in the wild, likely as zero-days, to create rogue administrator accounts named John Sim.
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
H score79
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation WaveAbout this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
H score86
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
CISA KEV patch directive for CVE-2025-53521
Advisory/MitigationAbout this happening: CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch Release
H score48
First: 11.02.2026 15:28
Last: 11.02.2026 15:28
Sources 1
About this happening:
On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
CISA adds five KEV flaws and sets FCEB remediation deadline
Public Sector Action
H score41
First: 20.10.2025 22:00
Last: 20.10.2025 22:00
Sources 1
About this happening:
**CISA** added **CVE-2025-61884** in **Oracle E-Business Suite** to its **Known Exploited Vulnerabilities (KEV) Catalog** after confirming it is being **actively exploited**. The...
CISA adds five KEV flaws and sets FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-61884** in **Oracle E-Business Suite** to its **Known Exploited Vulnerabilities (KEV) Catalog** after confirming it is being **actively exploited**. The...
Timeline
-
15.10.2025 21:01 1 articles · 8mo ago
F5 breach detected and BIG-IP source code stolen
Initial DisclosureA breach detected on August 9, 2025 exposed F5 systems, and state hackers stole source code and information on undisclosed BIG-IP security flaws.
Show sources
- F5 releases BIG-IP patches for stolen security vulnerabilities — www.bleepingcomputer.com — 15.10.2025 21:01
-
15.10.2025 21:01 3 articles · 8mo ago
F5 releases October 2025 security updates and CISA orders federal patching
Mitigation Patch UpdateF5 issued updates for 44 vulnerabilities, including flaws stolen in the breach, across BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients, urged immediate customer updates, and CISA issued ED 26-01 directing Federal Civilian Executive Branch agencies to apply the latest F5 updates by October 31, 2025 and disconnect or decommission public-facing end-of-support devices.
Show sources
- F5 releases BIG-IP patches for stolen security vulnerabilities — www.bleepingcomputer.com — 15.10.2025 21:01
- F5 releases BIG-IP patches for stolen security vulnerabilities — www.bleepingcomputer.com — 15.10.2025 21:01
- Over 266,000 F5 BIG-IP instances exposed to remote attacks — www.bleepingcomputer.com — 17.10.2025 15:16