Chris Christian from F5 Security Response Team (SRT) reached out promptly and I shared the details with him.
Chris confirmed yesterday that F5 has now released new version 12.0 that fixes this issue. F5 has also published a Solution Article 17253 describing this path traversal vulnerability, affected devices / versions, impact, resolution & references, recently on Sep 9, 2015.
Read it here:
April 27, 2015 - Contacted F5 security
April 28, 2015 - Response from F5
September 02, 2015 - version 12.0 released
September 09, 2015 - Solution article 17253 published
Associated CVE-2015-4040 is
You can check it out here:
I have also posted a working exploit on Exploit-db and Packetstorm:
More advisories coming soon.