
CVE-2025-54755: CWE-146: Improper Neutralization of Expression/Command Delimiters in F5 BIG-IP

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-54755, cwe-146
Published: Wed Oct 15 2025 (10/15/2025, 13:55:55 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Last updated: 10/23/2025, 00:56:43 UTC

Technical Analysis

CVE-2025-54755 is a directory traversal vulnerability identified in the Traffic Management User Interface (TMUI) component of F5 BIG-IP devices. The vulnerability stems from improper neutralization of expression or command delimiters (CWE-146), allowing an authenticated attacker with high privileges to bypass intended file access restrictions and read arbitrary files on the system. This can lead to exposure of sensitive configuration files, credentials, or other critical data stored on the device. The affected BIG-IP versions include 15.1.0, 16.1.0, 17.1.0, and 17.5.0, all of which are currently supported and in use. The vulnerability requires network access to the TMUI interface and valid user credentials with elevated privileges, but does not require user interaction beyond authentication. The CVSS v3.1 base score is 4.9, reflecting medium severity due to the confidentiality impact and the requirement for authentication. No public exploits have been reported yet, but the vulnerability could be leveraged in targeted attacks against organizations relying on BIG-IP for load balancing, application delivery, and security functions. The flaw arises because the TMUI fails to properly sanitize input used in file path expressions, enabling directory traversal sequences that access files outside the intended directories. This can undermine the confidentiality of the system and potentially aid further attacks if sensitive files such as private keys or configuration data are exposed. The vulnerability does not impact integrity or availability directly. Since the TMUI is often exposed to internal networks or VPNs, attackers with legitimate access could exploit this flaw to escalate their access or gather intelligence.

Potential Impact

For European organizations, the impact of CVE-2025-54755 is primarily the unauthorized disclosure of sensitive information stored on F5 BIG-IP devices. This could include configuration files, credentials, SSL private keys, or other critical data that could facilitate further compromise or lateral movement within networks. Given the widespread use of F5 BIG-IP in enterprise data centers, telecommunications, and government infrastructure across Europe, exploitation could lead to significant confidentiality breaches. Organizations in sectors such as finance, healthcare, telecommunications, and critical infrastructure are particularly at risk due to the sensitive nature of their data and reliance on BIG-IP for secure application delivery. The vulnerability requires authenticated access, which limits exposure to insider threats or attackers who have already compromised credentials. However, if credentials are phished or stolen, attackers could leverage this vulnerability to deepen their foothold. The lack of known exploits in the wild suggests limited immediate risk, but the medium severity rating and potential impact warrant prompt attention. Failure to address this vulnerability could result in regulatory compliance issues under GDPR if personal data is exposed, as well as reputational damage and operational risks.

Mitigation Recommendations

1. Apply official patches or updates from F5 as soon as they become available to remediate the vulnerability.
2. Restrict access to the TMUI interface by implementing network segmentation and firewall rules to limit access only to trusted administrative hosts and networks.
3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), for all users accessing the TMUI to reduce the risk of credential compromise.
4. Regularly audit and monitor access logs for unusual or unauthorized access attempts to the TMUI interface.
5. Use role-based access control (RBAC) to minimize the number of users with high privileges capable of exploiting this vulnerability.
6. Conduct internal penetration testing and vulnerability scanning to identify any exposure of TMUI interfaces and verify mitigation effectiveness.
7. Educate administrators on phishing and credential security best practices to prevent attackers from gaining authenticated access.
8. Consider deploying web application firewalls (WAF) or intrusion detection/prevention systems (IDS/IPS) that can detect and block directory traversal attempts targeting TMUI.
9. Maintain an inventory of all BIG-IP devices and their versions to ensure timely patch management.
10. If patching is delayed, consider temporarily disabling TMUI access or isolating affected devices from untrusted networks.
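
For the log-auditing and traversal-detection recommendations above, a sketch of the detection logic, added here as an illustration and not taken from F5 or from the CVE record. The log lines are constructed, and the `/ui-example/` path, user names and Apache common log format are assumptions; the parser must be adapted to the format the devices actually emit.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache common log format; the /ui-example/ path,
# user names and addresses are hypothetical, not taken from a BIG-IP system.
SAMPLE_LOG = """\
10.0.5.20 - admin [15/Oct/2025:14:02:11 +0000] "GET /ui-example/status?view=summary HTTP/1.1" 200 5120
10.0.5.77 - operator1 [15/Oct/2025:14:05:43 +0000] "GET /ui-example/report?name=../../etc/example.conf HTTP/1.1" 200 811
10.0.5.77 - operator1 [15/Oct/2025:14:05:51 +0000] "GET /ui-example/report?name=%252e%252e%252fexample.key HTTP/1.1" 403 199
10.0.5.20 - admin [15/Oct/2025:14:09:02 +0000] "GET /ui-example/docs/v1..2/notes.txt HTTP/1.1" 200 930
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# ".." counts only as a whole path segment, so names like "v1..2" do not match.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/\\?=&;])\.\.(?:$|[/\\?&;])')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(log_text):
    """Return one dict per request whose decoded target has a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        decoded = fully_decode(m["target"])
        if DOTDOT_SEGMENT.search(decoded):
            hits.append({"ip": m["ip"], "user": m["user"], "ts": m["ts"],
                         "status": int(m["status"]), "target": decoded,
                         "served": m["status"].startswith("2")})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to triage first, since the request was answered with content by an authenticated account.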


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:43.617Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99427d7577a1800408c

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/23/2025, 12:56:43 AM

Last updated: 12/4/2025, 3:33:00 AM

