CVE Alert: CVE-2025-41430 – F5 – BIG-IP

CVE-2025-41430

HIGH · No exploitation known

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
F5, F5
Product
BIG-IP, SSL Orchestrator
Versions
17.5.0 lt 17.5.1 | 17.1.0 lt 17.1.3 | 16.1.0 lt 16.1.4 | 15.1.0 lt * | 12.0 lt 12.1 | 11.0 lt 11.2 | 9.0 lt 9.4 | 7.0 lt *
CWE
CWE-770 Allocation of Resources Without Limits or Throttling
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published
2025-10-15T13:55:48.081Z
Updated
2025-10-15T17:28:54.275Z

AI Summary Analysis

Risk verdict

High risk to service availability from a network-based flaw in BIG-IP SSL Orchestrator; no active exploitation signals are shown, but the potential for remote denial of service warrants monitoring and timely patching.

Why this matters

If exploited, TMM termination could disrupt or degrade traffic processing, affecting decrypt/inspect workflows and downstream services. This can hit customer-facing applications, violate SLAs, and incur operational disruption during peak periods.

Most likely attack path

An attacker who can reach the SSL Orchestrator over the network can send crafted traffic that triggers TMM termination, with no user interaction or privileges required. The impact is on availability (high), the attack vector is network, and no prior access is needed, making rapid DoS attempts feasible in exposed topologies.

Who is most exposed

Deployments where SSL Orchestrator sits in the data plane or edge gateways, especially in environments with external-facing network paths or multi-location architectures, are most at risk. Organisations using legacy or EoTS versions are particularly susceptible.

Detection ideas

  • TMM crash/termination events and crash dumps in system logs.
  • Unexpected SSL Orchestrator service restarts or process terminations.
  • CPU/memory spikes or degraded throughput on TMM nodes.
  • Network traffic stalls or sudden drops in decrypt/inspect throughput.
  • Alerts referencing vendor advisory or CVE-2025-41430; automated exploit attempts noted in security monitoring.
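The first two detection ideas can be turned into a check for repeated TMM restarts per host. The sketch below is an added example, not vendor or site code. It assumes log lines forwarded as `<ISO-8601 timestamp> <host> <message>` and assumes the string `Re-starting tmm` marks a restart; the sample lines are constructed, and the pattern should be replaced with whatever your BIG-IP release actually logs.

```python
import re
from datetime import datetime, timedelta

# Assumption: this string marks a TMM restart in your logs.
# Replace it with the message your BIG-IP release actually writes.
TMM_RESTART = re.compile(r"Re-starting tmm", re.IGNORECASE)
# Assumption: lines arrive as "<ISO-8601 timestamp> <host> <message>".
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")

# Constructed sample input, not real device output.
SAMPLE = """\
2025-10-15T14:00:05 bigip-a emerg logger[4101]: Re-starting tmm
2025-10-15T14:03:41 bigip-a emerg logger[4388]: Re-starting tmm
2025-10-15T14:07:12 bigip-a emerg logger[4710]: Re-starting tmm
2025-10-15T14:08:00 bigip-a notice mcpd[3000]: configuration saved
line without a timestamp is skipped
2025-10-15T09:00:00 bigip-b emerg logger[2201]: Re-starting tmm
2025-10-15T16:30:00 bigip-b emerg logger[2950]: Re-starting tmm
""".splitlines()

def tmm_restart_events(lines, pattern=TMM_RESTART):
    """Return [(timestamp, host)] for every line matching the restart indicator."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and pattern.search(m.group(3)):
            events.append((datetime.fromisoformat(m.group(1)), m.group(2)))
    return events

def restart_bursts(lines, threshold=3, window_minutes=10):
    """Map host -> start of the first run of `threshold` restarts inside the window."""
    window = timedelta(minutes=window_minutes)
    per_host = {}
    for ts, host in tmm_restart_events(lines):
        per_host.setdefault(host, []).append(ts)
    bursts = {}
    for host, stamps in per_host.items():
        stamps.sort()
        # Slide over consecutive restarts; a tight cluster suggests a crash loop.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                bursts[host] = stamps[i]
                break
    return bursts

if __name__ == "__main__":
    for host, start in restart_bursts(SAMPLE).items():
        print(f"{host}: repeated TMM restarts starting {start.isoformat()}")
```

A single restart is common during maintenance, so the threshold and window separate isolated restarts from a crash loop; tune both to your change cadence.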

Mitigation and prioritisation

  • Patch promptly to a supported release per vendor advisory; decommission or upgrade affected versions.
  • If patching is delayed, restrict network access to the SSL Orchestrator, enforce strict ingress controls, and enable rate-limiting on affected paths.
  • Strengthen HA/availability testing and ensure rapid failover; review configurations to minimise single points of failure.
  • Validate changes in a staging environment before production; document maintenance windows. If KEV or EPSS indicators were present, this would be treated as priority 1.
