CVE-2025-59481: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

A vulnerability (CVE-2025-59481) was discovered in F5's iControl REST and BIG-IP TMOS Shell (tmsh) command functionality, disclosed on October 15, 2025. The vulnerability affects multiple versions of F5's BIG-IP products, including versions 15.1.x, 16.1.x, and 17.1.x through 17.5.x. This security flaw allows an authenticated attacker with at least resource administrator privileges to execute arbitrary system commands with elevated privileges (NVD).

The vulnerability has received a CVSS v3.1 base score of 9.1 (CRITICAL) from NIST NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, while F5 Networks assigned it a score of 8.7 (HIGH). The vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges). It specifically affects the iControl REST and BIG-IP TMOS Shell command interfaces, allowing security boundary circumvention through privilege escalation (NVD, Rapid7).

If successfully exploited, this vulnerability enables an authenticated attacker with resource administrator privileges to execute arbitrary system commands with higher privileges than intended. This could lead to a security boundary breach, potentially compromising the affected system's integrity and confidentiality (NVD).

F5 has released patches for affected versions as part of their October 2025 Quarterly Security Notification. Organizations are strongly urged to update their BIG-IP software as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued emergency directive (ED) 26-01 recommending immediate patching and hardening of public-facing BIG-IP devices (Tenable).