CVE Alert: CVE-2025-48008 – F5 – BIG-IP
CVE-2025-48008
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker’s control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Summary Analysis
Risk verdict
High risk: remotely initiated traffic can cause the Traffic Management Microkernel (TMM) to terminate on MPTCP-enabled virtual servers. Exploitation is not currently observed, but the impact could be service-disruptive.
Why this matters
A TMM crash or termination can interrupt traffic management and cause outages for services relying on the platform’s load-balancing and session handling. Attackers would aim to disrupt availability, potentially affecting SLA commitments and user experience, especially in edge or data-centre deployments with high traffic volumes.
Most likely attack path
The attack is network-based and low complexity, and requires no privileges or user interaction. The target must have a TCP profile with Multipath TCP enabled on a relevant virtual server; undisclosed traffic patterns, together with conditions outside the attacker’s control, could then trigger the crash. No local access is needed, and the impact is concentrated on exposed nodes hosting MPTCP-enabled profiles.
Who is most exposed
Deployments acting as external or internal load balancers with MPTCP-capable virtual servers are most at risk, particularly in environments with high availability requirements and multi-path transit.
Detection ideas
- TMM crash/restart events and core dumps in system logs.
- Sudden outages or degraded performance on virtual servers with MPTCP enabled.
- Unusual crash signatures or memory-use anomalies around MPTCP traffic handling.
- Correlated spikes in connectivity errors or network-layer indications of MPTCP session churn.
Mitigation and prioritisation
- Apply vendor-released patches or upgrade to non-affected builds for all affected lines; follow the advisory for exact version targets.
- If patching is delayed, disable or narrowly scope MPTCP on vulnerable virtual servers; isolate affected profiles from public-facing paths.
- Implement compensating controls: restrict access to management interfaces, enforce strict network segmentation, and monitor TMM stability with enhanced logging.
- Plan a defined patch window; test in staging for MPTCP compatibility and rollback readiness.
- Treat as priority in monitoring and change-management given high availability impact and network exposure.
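To scope the MPTCP mitigation above, the following added example (not from F5 or the original page) cross-references TCP profiles that have `mptcp enabled` with the virtual servers that reference them. It assumes saved output of `tmsh list ltm profile tcp all-properties` and `tmsh list ltm virtual`; the sample text and the profile and virtual server names are constructed.

```python
import re
# Constructed samples; the tmsh output layout and all names here are assumptions.
PROFILES = """ltm profile tcp tcp {
    mptcp disabled
}
ltm profile tcp tcp-mobile-mptcp {
    mptcp enabled
}"""
VIRTUALS = """ltm virtual vs_public_web {
    profiles {
        http { }
        tcp-mobile-mptcp {
            context all
        }
    }
}
ltm virtual vs_internal_api {
    profiles {
        tcp { }
    }
}"""

def stanzas(text, header):
    """Yield (name, [(depth_before_line, line), ...]) per top-level stanza."""
    name, body, depth = None, [], 0
    for s in map(str.strip, text.splitlines()):
        if depth == 0:
            m = re.match(re.escape(header) + r"\s+(\S+)\s*\{$", s)
            if m:
                name, body, depth = m.group(1), [], 1
            continue
        body.append((depth, s))
        depth += s.count("{") - s.count("}")
        if depth == 0:
            yield name, body

def exposed_virtuals(profile_text, virtual_text):
    """Map each virtual server to the MPTCP-enabled TCP profiles it references."""
    # Partition prefixes (/Common/...) are stripped, so same-named profiles merge.
    risky = {n.split("/")[-1] for n, b in stanzas(profile_text, "ltm profile tcp")
             if (1, "mptcp enabled") in b}
    found = {}
    for vs, body in stanzas(virtual_text, "ltm virtual"):
        in_profiles = False
        for d, s in body:
            if d == 1:  # a depth-1 line opens or leaves the profiles block
                in_profiles = s == "profiles {"
            elif d == 2 and in_profiles and (p := s.partition(" ")[0].split("/")[-1]) in risky:
                found.setdefault(vs, []).append(p)
    return found
```

Virtual servers returned by `exposed_virtuals` are the ones to patch first or to move onto a TCP profile with MPTCP disabled.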