Forum Discussion
CVE mitigation on F5 XC vs classic F5 WAF
Hi,
there is a serious CVE out there:
https://www.cve.org/CVERecord?id=CVE-2025-55182
And F5 reacted quickly: https://my.f5.com/manage/s/article/K000158058#BIG-IP
F5 itself is not affected, but the F5 company created signatures addressing this issue. But it seems they are NOT available in F5 XC. That leads me to wonder what the process is and what we can expect. We have deployed signatures on some onsite environments, but how about services behind F5 XC?
Thanks,
Zdenek
3 Replies
- Zdenda
Cirrus
F5 XC support replied it is installed automatically by F5:
Attack Signatures | F5 Distributed Cloud Technical Knowledge
Attack Signatures Changelog | F5 Distributed Cloud Technical Knowledge
Yes, that is how XC with AWAF works. Any new signatures are auto-added. Changed and new signatures enter 1 week of staging, as shown in WAF Signature Staging in F5 Distributed Cloud, and you need to use the XC API to see them (no GUI option for some reason): https://docs.cloud.f5.com/docs-v2/api/waf-signatures-changelog
Maybe for this one, as it is bad, XC added it to blocking even for WAF policies that have staging enabled from the start, but I suggest using the XC API to check.
When you said XC doesn't have the signature, where did you actually check this, as I know only of https://docs.cloud.f5.com/docs-v2/platform/reference/attack-signatures ?
You can even use the dev portal by adding your tenant and after that authorizing it with credentials to see this without the need for curl or Postman:
https://console.ves.volterra.io/web/devportal/domain