CVE Alert: CVE-2025-59778 – F5 – F5OS – Chassis

CVE-2025-59778

HIGH · No exploitation known

When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
F5
Product
F5OS – Chassis
Versions
1.8.0 up to (but not including) 1.8.2 | 1.6.0 up to (but not including) 1.6.4
CWE
CWE-770 Allocation of Resources Without Limits or Throttling
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published
2025-10-15T13:55:49.239Z
Updated
2025-10-16T03:56:38.832Z

AI Summary Analysis

Risk verdict

High risk of remote denial-of-service to F5OS-C containers via the Allowed IP Addresses feature; exploitation state is not confirmed in active campaigns.

Why this matters

A successful trigger can cause container terminations and impact availability of critical network and load‑balancing functions, potentially harming SLAs and uptime. The CVSS indicates network access without authentication with a high impact on availability, so outages could disrupt traffic management across data centres or edge deployments.

Most likely attack path

No user interaction is required; an attacker with network access to the partition control plane could exploit a misconfigured or overly broad Allowed IP Addresses setting. The precondition is that the Allowed IP Addresses feature is configured on the F5OS-C partition control plane; with no privileges required, this enables a remote DoS and potential disruption of container orchestration.

Who is most exposed

F5OS-C deployments in data centres or cloud-edge environments with management-plane exposure and permissive IP allow-lists are most at risk, especially where access controls or segmentation to the partition control plane are weak.

Detection ideas

  • Sudden spikes in container terminations or restarts on affected partitions
  • Logs showing control-plane container crashes or termination events
  • Unusual or excessive traffic to the partition control plane from external networks
  • Alerts when Allowed IP Addresses configuration changes or expands

Mitigation and prioritisation

  • Apply vendor patch to fixed versions (≥1.8.2 and ≥1.6.4 as applicable)
  • If patching immediately isn’t feasible, tighten or disable the Allowed IP Addresses feature and restrict management access
  • Audit and harden network segmentation around the F5OS-C control plane
  • Validate changes in a staging environment before rollout
  • Ensure backups and high-availability redundancy are intact
  • Note: KEV/EPSS data are not provided; treat as high-priority within the current patch cycle.
