158 matches found
CVE-2025-41399
CVE-2025-41399 affects BIG-IP products when a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, causing undisclosed requests to increase memory resource utilization and potentially degrade performance or cause DoS via a reset/restart of the TMM process. The Re...
CVE-2025-41399 SCTP Vulnerability
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504
Security Advisory Description: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. (CVE-2025-36504) Impact: System performance can degrade until the Traffic Management Microkernel (TMM) process is either...
PT-2025-20306 · F5 · Big-Ip +3
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Recommendations: At the...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000140919)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000140919 advisory. When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas...
CVE-2025-24326
When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-20058
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-22891
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...
CVE-2025-20058
CVE-2025-20058 affects BIG-IP: when a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can trigger increased memory usage, potentially degrading system performance and causing DoS via TMM. The F5 K000140947 advisory details affected branches and fixes: BIG-IP ...
CVE-2025-22891 BIG-IP PEM Vulnerability
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...
CVE-2025-20058 BIG-IP message routing vulnerability
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-21091
CVE-2025-21091 affects F5 BIG-IP SNMP when SNMPv1/v2c is disabled. The vulnerability can cause a DoS by increasing memory usage through undisclosed requests. According to the advisory, fixes are available in specific branches: for BIG-IP (all modules) the fix was introduced in 17.1.2 (vulnerable:...
CVE-2025-21091 BIG-IP SNMP vulnerability
When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-21087
CVE-2025-21087 affects F5 BIG-IP TMM: when Client/Server SSL profiles are configured on a virtual server or DNSSEC signing is used, undisclosed traffic can cause increased memory and CPU usage, potentially degrading performance or causing DoS. According to the F5 advisory, vulnerable ranges inclu...
K000140933: BIG-IP SNMP vulnerability CVE-2025-21091
Security Advisory Description: When SNMP v1 or v2c are disabled on the BIG-IP system, undisclosed requests can cause an increase in memory resource utilization. (CVE-2025-21091) Impact: System performance can degrade until the snmpd process is either forced to restart or is manually restarted. This...
K000140950: BIG-IP ASM BADoS vulnerability CVE-2025-24326
Security Advisory Description: When the BIG-IP ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization. (CVE-2025-24326) Impact: System performance can degrade until the admd or Traffic Management Microkernel (TMM) processe...
K000140947: BIG-IP message routing vulnerability CVE-2025-20058
Security Advisory Description: When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. (CVE-2025-20058) Impact: System performance can degrade until the Traffic Management Microkernel (TMM) process is either forc...
CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....