CVE-2025-59269

6.1 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in the BIG-IP Configuration utility allows attackers to inject malicious JavaScript that executes in the context of logged-in users. This affects BIG-IP systems running vulnerable software versions, potentially compromising administrative sessions and system integrity.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Specific versions not disclosed in CVE; refer to F5 advisory K000151308 for affected versions
Operating Systems: F5 TMOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects BIG-IP Configuration utility. Software versions that have reached End of Technical Support (EoTS) are not evaluated.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could steal administrator credentials, hijack sessions, modify BIG-IP configurations, redirect traffic, or install persistent backdoors, leading to complete system compromise.

🟠 Likely Case: Attackers steal session cookies or credentials to gain unauthorized administrative access, potentially modifying load balancer configurations or accessing sensitive network traffic.

🟢 If Mitigated: With proper network segmentation and access controls, impact is limited to the BIG-IP management interface, with no lateral movement to other systems.

🌐 Internet-Facing: HIGH - If the Configuration utility is exposed to the internet, attackers can directly exploit this vulnerability without internal access.
🏢 Internal Only: MEDIUM - Requires internal network access or compromised credentials, but successful exploitation still provides administrative control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the attacker to be able to inject malicious content into the vulnerable page; a victim must then visit that page while authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000151308 for fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000151308

Restart Required: No

Instructions:

1. Review F5 advisory K000151308 for affected versions.
2. Upgrade to a fixed version listed in the advisory.
3. Apply the patch following F5's standard update procedures.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Configuration Utility Access (applies to: all)

Limit access to the BIG-IP Configuration utility to trusted IP addresses only, using network ACLs or firewall rules.

Implement Content Security Policy (applies to: all)

Add Content Security Policy headers to restrict script execution sources and mitigate XSS impact.

🧯 If You Can't Patch

  • Isolate BIG-IP management interface on a separate VLAN with strict access controls
  • Implement multi-factor authentication for BIG-IP administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check your BIG-IP version against the affected versions listed in F5 advisory K000151308.

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify that the BIG-IP version has been updated to a fixed version listed in the F5 advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in Configuration utility logs
  • Multiple failed login attempts followed by successful login from new IP

Network Indicators:

  • Unexpected outbound connections from BIG-IP management interface
  • Traffic to known malicious domains from BIG-IP

SIEM Query:

source="bigip_logs" AND ("script" OR "javascript" OR "<script>") AND event_type="config_change"
