CVE-2025-54755 is a directory traversal vulnerability classified under CWE-146, affecting the Traffic Management User Interface (TMUI) component of F5 BIG-IP devices. This vulnerability arises due to improper neutralization of expression or command delimiters, allowing an authenticated attacker with high privileges to bypass intended file access restrictions. Specifically, the attacker can craft requests that traverse directories and access arbitrary files on the underlying system, potentially exposing sensitive configuration files, credentials, or other critical data. The affected BIG-IP versions include 15.1.0, 16.1.0, 17.1.0, and 17.5.0, which are actively supported versions. The vulnerability does not require user interaction but does require the attacker to have authenticated access with high privileges, limiting the attack surface to insiders or compromised administrator accounts. The CVSS v3.1 base score is 4.9, reflecting a medium severity level, with a vector indicating network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. This vulnerability could be leveraged to gain unauthorized access to sensitive files, which may facilitate further attacks or data exfiltration. Organizations using affected BIG-IP versions should assess their exposure, restrict TMUI access, and monitor for suspicious activity while awaiting vendor patches.

For European organizations, this vulnerability poses a significant confidentiality risk, especially for entities relying on F5 BIG-IP devices for critical network and application delivery functions. Unauthorized file access could expose sensitive configuration data, credentials, or proprietary information, potentially leading to further compromise or data breaches. Given the requirement for authenticated high-privilege access, the threat is more relevant to insider threats or attackers who have already compromised administrative credentials. The impact is heightened in sectors such as finance, telecommunications, government, and critical infrastructure, where BIG-IP devices are commonly deployed. Exposure of sensitive files could disrupt trust, lead to regulatory penalties under GDPR for data breaches, and damage organizational reputation. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach alone warrants prompt attention. European organizations should consider this vulnerability a medium risk but prioritize remediation in environments with high-value data or critical services.

1. Immediately restrict access to the TMUI interface to trusted administrators only, ideally via VPN or secure management networks. 2. Enforce strong multi-factor authentication (MFA) for all administrative access to BIG-IP devices to reduce the risk of credential compromise. 3. Implement strict role-based access controls (RBAC) to limit privileges to the minimum necessary for users interacting with TMUI. 4. Monitor logs and network traffic for unusual file access patterns or directory traversal attempts within TMUI. 5. Regularly audit administrative accounts and remove or disable unused or unnecessary accounts. 6. Apply vendor patches or updates as soon as they become available for the affected BIG-IP versions. 7. Consider deploying Web Application Firewalls (WAF) or Intrusion Detection/Prevention Systems (IDS/IPS) with rules tuned to detect directory traversal attempts targeting TMUI. 8. Conduct security awareness training for administrators to recognize and report suspicious activity. 9. If patching is delayed, consider temporary compensating controls such as isolating BIG-IP management interfaces from general network access. 10. Maintain an incident response plan tailored to potential insider threats or administrative account compromises.