F5 BIG-IP Arbitrary File Upload Vulnerability (CVE-2025-S9483) Advisory

Critical Vulnerability Information Vulnerability Overview Vulnerability ID: K000156800 CVE ID: CVE-2025-S9483 Vulnerability Type: Arbitrary File Upload Vulnerability Affected Product: BIG-IP Configuration Utility Impact Description There exists an undisclosed URL that allows attackers to perform arbitrary file uploads within the Configuration Utility. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial-of-service. Affected Products and Versions BIG-IP Base OS: - Version: All - Status: Not applicable - Introduced Version: Not applicable - Security CVSS Score: Not applicable - Vulnerable Component: None BIG-IP Virtual Edition (VE): - Version: All - Status: Not applicable - Introduced Version: Not applicable - Security CVSS Score: Not applicable - Vulnerable Component: None Recommended Actions F5 recommends customers resolve this vulnerability by upgrading to the latest version. If immediate upgrade is not possible, implement additional mitigations to reduce risk. Additional Information Related Documentation: - K000156800: Overview of Quarterly Security Hardening - K000156800: Understanding security advisory rendering - K000156800: Overview of the F5 critical bugs policy - K000156800: F5 product and service lifecycle policy statement - K000156800: Download F5 products from MyF5 - K000156800: Subscribe to email notifications regarding F5 products and security announcements - K000156800: How to submit a security notification - K000156800: Overview of IP data plane and control plane - K000156800: Contact F5 Support ``` This information provides basic details about the vulnerability, affected products and versions, and recommended mitigation measures.

Goal Reached Thanks to every supporter — we hit 100%!

F5 BIG-IP Arbitrary File Upload Vulnerability (CVE-2025-S9483) Advisory