F5 Security Incident And Critical Updates - 20251016001

Overview

F5 has published an article outlining information regarding a security incident occurring in August 2025 relating to a highly sophisticated nation-state actor.

In addition to this advisory, F5 has issued its October 2025 quarterly security notification summarising multiple vulnerabilities identified across its product portfolio. The notification details newly discovered and previously unresolved issues affecting multiple F5 platforms, and provides a coordinated patch release to help customers maintain secure and supported versions across all F5 environments.

What has been observed?

The WASOC has not received any reports of exploitation on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends environments operating F5 products to review the following articles for recommended actions, and further information on affected products and versions:

• F5 Security Incident Advisory: https://my.f5.com/manage/s/article/K000154696
• F5 Quarterly Security Notification (October 2025): https://my.f5.com/manage/s/article/K000156572
• F5 Guidance for Quarterly Security Notifications: https://my.f5.com/manage/s/article/K67091411

Additional References:

• ASD Advisory: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/Multiple-high-severity-vulnerabilities-in-F5-products-and-incident-impacting-F5