2025-037: Multiple Vulnerabilities in F5 Products

On 15 October 2025 CERT-EU reported that F5 was breached by a sophisticated nation-state actor who maintained long-term access to F5 infrastructure and accessed BIG-IP source code and undisclosed vulnerability information; F5 published patches the same day for multiple high-severity CVEs (e.g., CVE-2025-53868, CVE-2025-61955, CVE-2025-57780) affecting BIG-IP, F5OS and related products, and CERT-EU recommends immediate application of updates while noting no known exploitation to date.