(TLP:CLEAR) CISA Releases Emergency Directive to Mitigate Vulnerabilities in F5 Devices
Created: Thursday, October 16, 2025 - 13:47
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
ACTION MAY BE REQUIRED for utilities using F5 BIG-IP hardware devices and F5OS, BIG-IP TMOS, Virtual Edition, BIG-IP Next, BIG-IP IQ software, and BNK / CNF.
Summary: On October 15, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate whether the networked management interfaces are accessible from the public internet, and apply newly released updates from F5.
A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage to exploit F5 devices and software. This poses an imminent threat to networks using F5 devices and software.
Analyst Note: WaterISAC encourages members to follow CISA’s Emergency Directive and the Key Actions, which include creating an inventory of all vulnerable F5 devices (see directive for full list), updating BIG-IP hardware and software instances, hardening public-facing hardware and software appliances, disconnecting end-of-support devices, and mitigating against cookie leakage. Utilities that outsource technology support may want to consult with their service providers for assistance with remediation actions.
Original Source: https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices
Mitigation Recommendations:
Related WaterISAC PIRs: 6, 7, 7.1, 8, 10