CVE-2025-58474: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. The vulnerability, identified as CVE-2025-58474, affects BIG-IP Advanced WAF/ASM and NGINX App Protect WAF products. This vulnerability was disclosed on October 15, 2025, as part of F5's October 2025 Quarterly Security Notification (NVD Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. Additionally, under CVSS v4.0, it received a score of 6.9 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD Database).

The vulnerability can lead to disruption of new client requests when specific configurations are in place. This affects organizations using BIG-IP Advanced WAF with SSRF protection or NGINX servers with App Protect Bot Defense enabled. The impact is primarily focused on service availability, with no direct impact on confidentiality or integrity (NVD Database).

F5 has released patches for affected systems and strongly urges customers to update their BIG-IP software as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued emergency directive (ED) 26-01, requiring federal agencies to inventory F5 deployments, secure internet-exposed management interfaces, and meet specific patch implementation deadlines by October 22 and October 31, 2025 (Lansweeper Blog).

The security community has responded with heightened concern due to the associated nation-state breach of F5's systems. CISA's emergency directive underscores the severity of the situation, particularly for federal agencies. Security researchers and organizations are actively monitoring for exploitation attempts and recommending immediate patching (Tenable Blog).