F5 Quarterly Security Notifications (QSNs) – Overview

F5 publishes Quarterly Security Notifications (QSNs) to disclose vulnerabilities and exposures across its product portfolio. These scheduled advisories allow customers to plan patching and updates in advance of public disclosure.

Key Points

• Purpose: Provide transparency on vulnerabilities in F5 products.
• Schedule: Dates are announced ahead of time so organizations can prepare.
• Fixes: Incorporated into sustaining releases across all F5 products.
• Recommendation: Always run the latest release for optimal security and performance.
• Subscription: Customers can subscribe to F5 Security Announcements (see K9970) to receive notifications.

Upcoming & Past QSNs

Notification Date	Reference Article
Feb 4, 2026	Pending publication
Oct 15, 2025	K000156572
Aug 13, 2025	K000152635
May 7, 2025	K000151008
Feb 5, 2025	K000149540
Oct 16, 2024	K000141302
Aug 14, 2024	K000140552
May 8, 2024	K000139404
Feb 14, 2024	K000138353
Oct 10, 2023	K000137053
Aug 2, 2023	K000135479
May 3, 2023	K000133251
Feb 1, 2023	K000130496
Oct 19, 2022	K30425568
Aug 3, 2022	K14649763
May 4, 2022	K55879220
Jan 19, 2022	K40084114

Additional Security Announcements

Beyond scheduled QSNs, F5 also issues out-of-band advisories for urgent vulnerabilities:

• Dec 17, 2025: NGINX Ingress Controller – CVE-2025-14727 (K000158176)
• Mar 3, 2025: NGINX Unit – CVE-2025-1695 (K000149959)
• Nov 6, 2024: NGINX OpenID Connect – CVE-2024-10318 (K000148232)
• Aug 22, 2024: NGINX Agent – CVE-2024-7634 (K000140630)
• May 29, 2024: Out-of-band Notification (K000139628)
• Oct 26, 2023: Overview of vulnerabilities (K000137368)
• Nov 16, 2022: Overview of vulnerabilities (K97843387)

Best Practices for Customers

• Stay updated: Track QSN dates and apply patches promptly.
• Subscribe: Enable F5 Security Announcements for real-time alerts.
• Check versions: Refer to K2200 for the most recent F5 software releases.
• Policy reference: See K4602 for F5’s vulnerability response policy.