F5 CVE coverage for BIG-IP, application delivery controllers, WAF, VPN, and internet-facing app security infrastructure.
Vendor watch hub
The F5watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Oct 15, 2025, 9:15 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 7 most recent items, newest first. Each row links to the official advisory.
7 rows · sorted newest first
Operations viewWhen a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. Known ransomware use: Known.
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. Known ransomware use: Known.
The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.
F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. Known ransomware use: Known.
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services. Known ransomware use: Known.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
big-ip access policy manager vulnerability (CVE-2025-53521)When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. big-ip access policy manager | CRITICALCVE-2025-53521 Critical | active | Oct 15, 2025, 9:15 AM | CISA KEVOpen source |
F5 BIG-IP Configuration Utility Authentication Bypass VulnerabilityF5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. Known ransomware use: Known. BIG-IP Configuration Utility | criticalCVE-2023-46747 Critical | active | Oct 30, 2023, 7:00 PM | CISA KEVOpen source |
F5 BIG-IP Configuration Utility SQL Injection VulnerabilityF5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747. BIG-IP Configuration Utility | criticalCVE-2023-46748 Critical | active | Oct 30, 2023, 7:00 PM | CISA KEVOpen source |
F5 BIG-IP Missing Authentication VulnerabilityF5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. Known ransomware use: Known. BIG-IP | criticalCVE-2022-1388 Critical | active | May 9, 2022, 7:00 PM | CISA KEVOpen source |
F5 BIG-IP Traffic Management Microkernel Buffer OverflowThe Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. BIG-IP Traffic Management Microkernel | criticalCVE-2021-22991 Critical | active | Jan 17, 2022, 6:00 PM | CISA KEVOpen source |
F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution VulnerabilityF5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. Known ransomware use: Known. BIG-IP | criticalCVE-2020-5902 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution VulnerabilityF5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services. Known ransomware use: Known. BIG-IP and BIG-IQ Centralized Management | criticalCVE-2021-22986 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the managed firewall services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the F5-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current F5 issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map F5 advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.