CVE-2025-35995

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-41431

CVE-2025-41431 affects BIG-IP with the Traffic Management Microkernel (TMM) when connection mirroring is configured on a virtual server. Undisclosed requests can cause TMM to terminate on standby BIG-IP systems within a traffic group, creating a DoS-like disruption as redundancy is reduced during...

CVE-2025-41431 TMM Vulnerability

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-41431 TMM Vulnerability

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-35995

CVE-2025-35995 affects BIG-IP PEM when URL categorization is licensed and the URL categorization policy or a iRule using the urlcat command is enabled on a virtual server. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in traffic disruption while T...

CVE-2025-35995 BIG-IP PEM vulnerability

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-35995 BIG-IP PEM vulnerability

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-41433 BIG-IP SIP ALG profile vulnerability

When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-41433 BIG-IP SIP ALG profile vulnerability

When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2025-41433

CVE-2025-41433 affects F5 BIG-IP SIP MRF ALG profile. When configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, enabling a potential DoS. Affected product scope per vendor advisories includes BIG-IP (all modules) acr...

CVE-2025-36557

CVE-2025-36557 affects F5 BIG-IP BIG-IP Next and related platforms where an HTTP profile configured with Enforce RFC Compliance can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed requests. Impact is described as DoS with TMM restart disruption and potential data-pl...

CVE-2025-36557 BIG-IP HTTP vulnerability

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-36557 BIG-IP HTTP vulnerability

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000150598: BIG-IP APM PingAccess vulnerability CVE-2025-36525

Security Advisory Description When a BIG-IP APM PingAccess profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-36525 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

K000140937: BIG-IP SIP ALG profile vulnerability CVE-2025-41433

Security Advisory Description When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41433 Impact...

K000149952: BIG-IP PEM vulnerability CVE-2025-35995

Security Advisory Description When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-35995 Impa...

K000139571: BIG-IP HTTP vulnerability CVE-2025-36557

Security Advisory Description When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-36557 Impact Traffic is disrupted while the TMM process restarts. This...

K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414

Security Advisory Description When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41414 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...

PT-2025-20309 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions affected versions not specified Description: The issue occurs when a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server. In...

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000149952)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / BIGIP-15.1.10.7.0.4.5-ENG. It is, therefore, affected by a vulnerability as referenced in the K000149952 advisory. When a BIG-IP PEM system is licensed with URL categorization, and the URL categorizatio...