• A recent breach of F5 Networks’ infrastructure has left more than 269,000 devices exposed and vulnerable to attack. Security researchers first detected unusual activity on F5’s management portal, prompting the company to issue an alert and patch critical vulnerabilities. However, despite swift action, a daily snapshot from Shadowserver shows that nearly 269,000 unique IP addresses […]

    The post Over 269,000 F5 Devices Found Exposed Online After Massive Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • WASHINGTON—The Netherlands wants in on the U.S. Air Force’s collaborative combat aircraft program to boost their own fleet of F-35 fighter jets. The Dutch Defense Ministry inked a letter of intent to cooperate in the program Thursday. 

    The Netherlands also signed a separate agreement with General Atomics as part of a broader effort to boost the country’s defenses and drone tech. 

    “We think that this is a unique point in time and it reinforces the partnership we have with the U.S. And I think it also makes the world a lot safer if in the near future we can actually also operate CCA type of aircraft in the European theater,” Gijs Tuinman, Dutch State Secretary for Defense, told reporters Thursday after announcing the agreement at the Dutch embassy’s defense industry event. 

    The country has partnered with the U.S. on the F-16 and F-35, which makes a CCA investment a natural next step that helps proliferate the tech across Europe, Tuinman said, noting the Netherlands needs roughly equal numbers of manned, unmanned, and attritable systems for its defenses. 

    “The Netherlands is like the jumping pad for the United States to get into Europe. So we have always [had a] strong or transatlantic relationship. That's my message here too: to sign the deal, but also to express that we understand the message from the U.S…that the Netherlands and Europe should shift the burden a bit” by increasing defense spending, Tuinman said. 

    The agreement allows the Netherlands access to the CCA program as it develops, to share data, and to provide input for requirements for use in Europe. 

    The Netherlands also penned an agreement with General Atomics to develop new small unmanned aircraft systems for intelligence, surveillance, and reconnaissance that are affordable and can hold a variety of payloads.

    Tuinman said the drone industry lacks systems that can “penetrate [anti-access/area-denial] bubbles and have a diverse set of ISR and strike capabilities.” 

    General Atomics will work with Netherlands-based VDL Defentec to engineer and produce the new systems.

    The move comes months after General Atomics and fellow CCA-maker Anduril began pitching tailorable versions of the platform—and co-production—to European countries at the Paris Air Show this summer.

    The Dutch partnership aims to address immediate security threats as Russia’s war on Ukraine persists and drone activity increases across Europe. Drones recently disrupted communications during a Dutch military exercise in Poland.

    “Putin is testing us in every possible way,” Tuinman said. “Hybrid attacks are already taking place across Europe…including my own country. And over the past weeks, various locations in Europe have been plagued by large amounts of mysterious drones testing the strength of our response, resilience, and most of all our alliance.” 

    Teaming with General Atomics, and other U.S. defense companies, also creates an opportunity to bolster defense industries on both sides of the Atlantic Ocean, Birgitta Tazelaar, the Dutch ambassador to the U.S., said Thursday during opening remarks at the embassy’s annual defense industry event. 

    Spending more on defense “means that we're going to build up a European defense industry, but it also means that we're going to work very well together with our American partners in doing so. And this is crucial. Look at our adversaries and our competitors. They are doing the same, and it is extremely important to keep our strategic advantage by working together and integrating our industrial bases to the extent that we both benefit,” Tazelaar said.

  • F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products.

    Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, leading to the theft of BIG-IP source code and undisclosed vulnerability data.

    In response, F5 has rolled out patches across BIG-IP, F5OS, BIG-IQ, APM clients, and BIG-IP Next for Kubernetes to safeguard customers amid heightened risks.

    The intrusion came to light on August 9, 2025, when F5 identified suspicious activity within its BIG-IP product development environment and engineering knowledge platforms.

    The advanced adversary maintained persistent access, exfiltrating sensitive files including portions of source code and configuration details for a limited number of customers.

    No evidence suggests alterations to the software supply chain or impacts on production systems, but the stolen intellectual property raises concerns about potential zero-day exploits targeting unpatched deployments.

    F5 swiftly contained the threat through comprehensive measures, halting further unauthorized actions and confirming no ongoing intrusions.

    The company enlisted top cybersecurity firms like CrowdStrike and Mandiant for investigation support, while collaborating with law enforcement and government agencies.

    This proactive stance aligns with F5’s vulnerability management practices, now intensified to bolster enterprise and product security postures.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded with Emergency Directive ED 26-01, mandating federal agencies to patch and isolate affected F5 assets immediately.

    F5 Security Updates

    On October 15, 2025, F5 published its Quarterly Security Notification, detailing 44 vulnerabilities addressed in the latest releases, many tied to the breach’s implications.

    High-severity CVEs dominate, with scores up to 8.7 under CVSS v3.1, affecting components like SCP/SFTP in BIG-IP (CVE-2025-53868) and F5OS platforms (CVE-2025-61955).

    These flaws enable potential denial-of-service, privilege escalation, and remote code execution, particularly in appliance modes where risks escalate.

    Medium and low-risk issues include iControl REST vulnerabilities (CVE-2025-59481) and configuration utility exposures, fixed in versions such as BIG-IP 17.5.1.3 and F5OS-C 1.8.2.

    High Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-53868 | 8.7 / 8.5 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61955 | 7.8 (standard) / 8.8 (appliance) / 8.5 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-57780 | 7.8 (standard) / 8.8 (appliance) / 8.5 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-60016 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.1; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.3.3 | BIG-IP: 17.1.2; Next SPK: 2.0.0; Next CNF: 2.0.0, 1.4.0 |
    | CVE-2025-48008 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1 | BIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next SPK: None; Next CNF: None |
    | CVE-2025-59781 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next CNF: 1.1.0-1.4.0 | BIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next CNF: 1.4.0 EHF-3^4 |
    | CVE-2025-41430 | 7.5 / 8.7 | BIG-IP SSL Orchestrator | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.3, 15.1.0-15.1.9 | 17.5.1, 17.1.3, 16.1.4 |
    | CVE-2025-55669 | 7.5 / 8.7 | BIG-IP ASM | 17.1.0-17.1.2, 16.1.0-16.1.5 | 17.1.2.2, 16.1.6 |
    | CVE-2025-61951 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6 | 17.5.1, 17.1.3, 16.1.6.1 |
    | CVE-2025-55036 | 7.5 / 8.7 | BIG-IP SSL Orchestrator | 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10 | 17.1.3, 16.1.6, 15.1.10.8 |
    | CVE-2025-54479 | 7.5 / 8.7 | BIG-IP PEM, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP PEM: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.0; Next K8s: 2.0.0-2.1.0 | BIG-IP PEM: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-2^4 |
    | CVE-2025-46706 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1 | BIG-IP: 17.1.2.2, 16.1.6; Next SPK: 2.0.0, 1.7.14 EHF-2^4; Next CNF: 2.0.0, 1.4.0 EHF-3^4 |
    | CVE-2025-59478 | 7.5 / 8.7 | BIG-IP AFM | 17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 15.1.10.8 |
    | CVE-2025-61938 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0, 17.1.0-17.1.2 | 17.5.1, 17.1.3 |
    | CVE-2025-54858 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58120 | 7.5 / 8.7 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 2.0.0, 1.7.0-1.7.14; Next CNF: 2.0.0, 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: 2.0.1, 1.7.14 EHF-2^4; Next CNF: 2.0.1; Next K8s: 2.1.0 |
    | CVE-2025-53856 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61974 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.14 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-58071 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-53521 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61960 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6 | 17.5.1.3, 17.1.3, 16.1.6.1 |
    | CVE-2025-54854 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-53474 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61990 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.15 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-58096 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61935 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 15.1.10.8 |
    | CVE-2025-59778 | 7.5 / 7.7 | F5OS-C | 1.8.0-1.8.1, 1.6.0-1.6.2^3 | 1.8.2, 1.6.4 |

    Medium Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-59481 | 6.5 (standard) / 8.7 (appliance) / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61958 | 6.5 (standard) / 8.7 (appliance) / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-47148 | 6.5 / 7.1 | BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-47150 | 6.5 / 7.1 | F5OS-A, F5OS-C | F5OS-A: 1.8.0-1.8.1^3, 1.5.1-1.5.2; F5OS-C: 1.6.0-1.6.2^3, 1.8.0 | F5OS-A: 1.8.3, 1.5.3; F5OS-C: 1.6.4 |
    | CVE-2025-55670 | 6.5 / 7.1 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: None; Next CNF: None; Next K8s: 2.1.0 |
    | CVE-2025-54805 | 6.5 / 6.0 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: 2.0.0; Next CNF: 2.0.0; Next K8s: 2.1.0 |
    | CVE-2025-59269 | 6.1 / 8.4 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58153 | 5.9 / 8.2 | BIG-IP (all modules) | 17.5.0, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-60015 | 5.7 / 6.9 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-59483 | 6.5 / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-60013 | 5.7 / 4.6 | F5OS-A | 1.8.0^3, 1.5.1-1.5.3 | 1.8.3, 1.5.4 |
    | CVE-2025-59268 | 5.3 / 6.9 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58474 | 5.3 / 6.9 | BIG-IP Advanced WAF/ASM, NGINX App Protect WAF | BIG-IP: 17.1.0-17.1.1; NGINX: 4.5.0-4.6.0 | BIG-IP: 17.1.2; NGINX: 4.7.0 |
    | CVE-2025-61933 | 6.1 / 5.1 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-54755 | 4.9 / 6.9 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-53860 | 4.1 / 5.6 | F5OS-A | 1.8.0^3, 1.5.1-1.5.2 | 1.8.3, 1.5.3 |

    Low Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-58424 | 3.7 / 6.3 | BIG-IP (all modules), F5 Silverline (all services) | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Silverline: N/A | BIG-IP: 17.1.2.2^3, 16.1.6^3, 15.1.10.8^3; Silverline: N/A |

    Security Exposures

    | Exposure ID | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|
    | K000150010: BIG-IP AFM security exposure | BIG-IP AFM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.1, 17.1.3 |

    BIG-IP Next for Kubernetes receives targeted hotfixes, like 2.1.0 EHF-14, to mitigate TMM and SSL/TLS weaknesses. Security exposures in BIG-IP AFM are also resolved, emphasizing the need for swift upgrades across all supported versions.

    F5 stresses that while no active exploitation of undisclosed flaws is known, updating is essential to prevent lateral movement and data exfiltration in customer networks.

    Customers should prioritize applying these updates, enabling event streaming to SIEM tools, and isolating management interfaces from public access.

    Decommissioning end-of-life products further reduces exposure. F5’s transparency underscores the evolving nation-state threats, where stolen code could fuel sophisticated attacks on critical infrastructure.

    By patching promptly, organizations can maintain robust defenses against this and future incidents. For full details, refer to F5’s official notification.

    The post F5 Released Security Updates Covering Multiple Products Following Recent Hack appeared first on Cyber Security News.

  • Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial […]

    The post LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • VMware has launched the latest versions of its desktop hypervisors, Workstation 25H2 and Fusion 25H2, bringing significant improvements to virtualization technology. These updates introduce a simplified versioning system, powerful new features, and expanded compatibility with modern operating systems and hardware. VMware has abandoned traditional version numbering like Workstation 17.6.x and Fusion 13.6.x in favor of […]

    The post VMware Releases Workstation & Fusion 25H2 With Enhanced Features and OS Support appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a post shared on X. The tech

  • Cisco has disclosed a serious security vulnerability affecting its IOS and IOS XE Software that could allow attackers to execute remote code or crash affected devices. The flaw, tracked as CVE-2025-20352, resides in the Simple Network Management Protocol (SNMP) subsystem and carries a CVSS score of 7.7, marking it as a high-severity threat. Overview of […]

    The post Critical Cisco IOS and IOS XE Flaws Allow Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • F5 Networks has released comprehensive security patches addressing multiple critical vulnerabilities across its product portfolio following a recent security incident. The company issued its quarterly security notification on October 15, 2025, documenting numerous high-severity vulnerabilities that could potentially expose enterprise networks to significant security risks. Extensive Vulnerability Disclosure Reveals Multiple Attack Vectors The security advisory […]

    The post F5 Issues Security Patches for Multiple Products After Recent Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains […]

    The post North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cisco has disclosed a severe vulnerability in its widely used IOS and IOS XE Software, potentially allowing attackers to crash devices or seize full control through remote code execution.

    The flaw, rooted in the Simple Network Management Protocol (SNMP) subsystem, stems from a stack overflow condition that attackers can trigger with a specially crafted SNMP packet over IPv4 or IPv6 networks.

    This issue affects all SNMP versions and has already seen exploitation in the wild, highlighting the urgency for network administrators to act swiftly.

    The vulnerability enables two main attack vectors. A low-privileged, authenticated remote attacker armed with SNMPv2c read-only community strings or valid SNMPv3 credentials could induce a denial-of-service (DoS) condition, forcing affected devices to reload and disrupting network operations.

    More alarmingly, a highly privileged attacker with administrative or privilege level 15 access could execute arbitrary code as the root user on IOS XE devices, granting complete system takeover.

    Cisco’s Product Security Incident Response Team (PSIRT) discovered this during a Technical Assistance Center support case, and real-world exploitation followed the compromise of local administrator credentials.

    This flaw impacts a broad range of Cisco devices running vulnerable IOS or IOS XE releases with SNMP enabled, including routers, switches, and access points essential to enterprise infrastructures.

    Devices that haven’t explicitly excluded the affected object ID (OID) remain at risk. Notably, IOS XR Software and NX-OS Software are unaffected, providing some relief for users of those platforms.

    The potential fallout is significant: DoS attacks could halt critical services, while root-level code execution might enable data theft, lateral movement in networks, or deployment of malware.

    Given SNMP’s ubiquity for device monitoring, many organizations unwittingly expose themselves by leaving default configurations intact.

    Mitigations

    Cisco emphasizes that no full workarounds exist, but mitigations can curb immediate threats. Administrators should restrict SNMP access to trusted users only and monitor via the “show snmp host” CLI command.

    A key step involves disabling vulnerable OIDs using the “snmp-server view” command to create a restricted view, then applying it to community strings or SNMPv3 groups. For Meraki cloud-managed switches, contacting support is advised to implement these changes.

    Patches are now available through Cisco’s September 2025 Semiannual Security Advisory Bundled Publication. Users can verify exposure and find fixed releases using the Cisco Software Checker tool.

    To check SNMP status, run CLI commands like “show running-config | include snmp-server community” for v1/v2c or “show snmp user” for v3.
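
    The mitigation steps above can be checked offline against a saved running-config. The following is an added example, not code from Cisco or the original article: it flags community strings and SNMP groups that are not bound to a view excluding the affected OID. The sample config, the view names and the `AFFECTED-OID-PLACEHOLDER` value are constructed (take the real OID from Cisco's advisory), and treating a source ACL as the way access is limited to trusted hosts is an assumption.

```python
# Added example: audit IOS / IOS XE "snmp-server" lines for the mitigation above.
# SAMPLE_CONFIG is constructed; AFFECTED_OID is a placeholder, not the real OID.
AFFECTED_OID = "AFFECTED-OID-PLACEHOLDER"

SAMPLE_CONFIG = """\
snmp-server view RESTRICTED iso included
snmp-server view RESTRICTED AFFECTED-OID-PLACEHOLDER excluded
snmp-server view EVERYTHING iso included
snmp-server community monitor1 view RESTRICTED RO 10
snmp-server community legacy RO
snmp-server community ops view EVERYTHING RO 10
snmp-server group NMS v3 priv read RESTRICTED access 10
snmp-server group OLD v3 auth
"""


def _value_after(tokens, keyword):
    """Return the token following `keyword`, or None if it is absent."""
    if keyword in tokens and tokens.index(keyword) + 1 < len(tokens):
        return tokens[tokens.index(keyword) + 1]
    return None


def parse_views(lines):
    """Map view name -> {oid_subtree: 'included' | 'excluded'}."""
    views = {}
    for tokens in lines:
        if tokens[:2] == ["snmp-server", "view"] and len(tokens) >= 5:
            views.setdefault(tokens[2], {})[tokens[3]] = tokens[4].lower()
    return views


def _view_issues(view, views, affected_oid):
    if view is None:
        return ["no restricted view applied"]
    if view not in views:
        return [f"view {view} is not defined"]
    if views[view].get(affected_oid) != "excluded":
        return [f"view {view} does not exclude {affected_oid}"]
    return []


def audit(config, affected_oid=AFFECTED_OID):
    """Return [(kind, label, [issues])] for every community string and group."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    views = parse_views(lines)
    results = []
    for tokens in lines:
        if tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 3:
            opts = tokens[3:]
            view = _value_after(opts, "view")
            # What remains after view/RO/RW is a source ACL (number, name, "ipv6 <name>").
            acl = [o for o in opts if o.lower() not in ("view", "ro", "rw") and o != view]
            kind, label = "community", tokens[2][0] + "***"  # never echo the secret
        elif tokens[:2] == ["snmp-server", "group"] and len(tokens) >= 4:
            opts = tokens[3:]
            view = _value_after(opts, "read")
            acl = _value_after(opts, "access")
            kind, label = "group", tokens[2]
        else:
            continue
        issues = _view_issues(view, views, affected_oid)
        if not acl:
            issues.append("no ACL limiting source hosts")
        results.append((kind, label, issues))
    return results


if __name__ == "__main__":
    for kind, label, issues in audit(SAMPLE_CONFIG):
        print(f"{kind:9} {label:8} {'OK' if not issues else '; '.join(issues)}")
```

    Feed it the output of “show running-config | include snmp-server”; community strings are masked in the report so the result can be shared in a ticket.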

    Cisco urges immediate upgrades to fortified software, warning that delays could invite further exploits. As networks grow more interconnected, such vulnerabilities underscore the need for rigorous SNMP hardening and proactive patching.

    The post Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.
