Wiz
Vulnerability DatabaseCVE-2025-60016

CVE-2025-60016
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

Overview

CVE-2025-60016 is a vulnerability affecting F5's BIG-IP product line, disclosed as part of F5's October 2025 Quarterly Security Notification. The vulnerability was discovered during a security incident where a nation-state threat actor gained access to F5's systems between August and October 2025 (Tenable Blog).

Technical details

The vulnerability is part of multiple security issues addressed in F5's October 2025 Quarterly Security Notification. It affects BIG-IP (All Modules) and BIG-IP Next products, specifically documented in F5 KB article K000139514 (Tenable Blog).

Impact

While specific impact details are not directly provided in the sources, the vulnerability is considered significant enough to be included in CISA's emergency directive (ED) 26-01, which requires Federal Civilian Executive Branch (FCEB) agencies to take immediate action (Tenable Blog).

Mitigation and workarounds

F5 has released patches as part of their October 2025 Quarterly Security Notification. Organizations are strongly urged to update their BIG-IP software as soon as possible. CISA's guidance also recommends hardening any public-facing BIG-IP devices and removing unsupported devices from networks (Tenable Blog).

Additional resources

SourceThis report was generated using AI

Related F5 BIG-IP Virtual Edition vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-61990HIGH8.7
  • F5 BIG-IP Virtual EditionF5 BIG-IP Virtual Edition
  • cpe:2.3:a:f5:big-ip_access_policy_manager
NoYesOct 15, 2025
CVE-2025-58071HIGH8.7
  • F5 BIG-IP Virtual EditionF5 BIG-IP Virtual Edition
  • cpe:2.3:a:f5:big-ip_access_policy_manager
NoYesOct 15, 2025
CVE-2025-61974HIGH8.7
  • F5 BIG-IP Virtual EditionF5 BIG-IP Virtual Edition
  • cpe:2.3:a:f5:big-ip_access_policy_manager
NoYesOct 15, 2025
CVE-2025-61951HIGH8.7
  • F5 BIG-IP Virtual EditionF5 BIG-IP Virtual Edition
  • cpe:2.3:a:f5:big-ip_access_policy_manager
NoYesOct 15, 2025
CVE-2025-60016HIGH8.7
  • F5 BIG-IP Virtual EditionF5 BIG-IP Virtual Edition
  • cpe:2.3:a:f5:big-ip_access_policy_manager
NoYesOct 15, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo