CVE Alert: CVE-2025-54479 – F5 – BIG-IP

CVE-2025-54479

HIGH · No exploitation known

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
F5
Product
BIG-IP, BIG-IP Next CNF, BIG-IP Next for Kubernetes
Versions
BIG-IP: 17.5.0 to before 17.5.1 | 17.1.0 to before 17.1.3 | 16.1.0 to before 16.1.6.1 | 15.1.0 to before 15.1.10.8
BIG-IP Next CNF and BIG-IP Next for Kubernetes: 2.0.0 and later | 1.1.0 and later | 2.0.0 and later (no fixed version listed in this record)
CWE
CWE-787: Out-of-bounds Write
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published
2025-10-15T13:55:49.617Z
Updated
2025-10-16T03:56:35.471Z

AI Summary Analysis

  • Risk verdict: High risk of remote, unauthenticated denial of service. The record shows no KEV listing and no SSVC exploitation activity, so urgency hinges on those indicators and on how many exposed virtual servers carry the affected configuration.
  • Why this matters: Undisclosed requests crash the Traffic Management Microkernel (TMM) when a classification profile is attached to a virtual server that has no HTTP or HTTP/2 profile, interrupting application delivery while TMM restarts. The CWE is out-of-bounds write, but the vector claims only availability impact (C:N/I:N/A:H) and no code execution is described; repeated crashes still mean extended outages, remediation toil and downstream impact on customer-facing services and SLAs.
  • Most likely attack path: An unauthenticated attacker who can reach an affected virtual server over the network sends the undisclosed requests; no credentials or user interaction are needed (AV:N/PR:N/UI:N), and the result is service disruption through TMM termination, with Scope unchanged.
  • Who is most exposed: Organisations running BIG-IP or BIG-IP Next in front of internet-facing applications, especially where classification profiles are attached to virtual servers without an HTTP or HTTP/2 profile, as in environments that expose virtual servers directly to external traffic or in multi-tenant cloud deployments.
  • Detection ideas:
    • TMM crash logs or core dumps, and rapid restarts of traffic management services
    • Unusual or sustained CPU/memory spikes and periods of service unavailability
    • Error traces or termination messages tied to classification profile handling
    • Anomalous request patterns to the affected virtual servers (the triggering requests are undisclosed, so baseline normal traffic first)
    • Correlated outages across downstream applications
  • Mitigation and prioritisation:
    • Apply the vendor fix (17.5.1, 17.1.3, 16.1.6.1 or 15.1.10.8 as applicable) and verify against the advisory guidance; for BIG-IP Next CNF and BIG-IP Next for Kubernetes no fixed version is listed in this record, so follow the advisory for those products
    • Ensure every virtual server that carries a classification profile also has an HTTP or HTTP/2 profile
    • Remove classification profiles from virtual servers that do not need them (the crash requires a classification profile to be present); where one is required, pair it with an HTTP or HTTP/2 profile
    • Apply compensating controls (rate limiting, source allow-listing, and a WAF policy, which itself presupposes an HTTP profile on the virtual server) together with robust monitoring
    • Change management: test in staging before production and plan a controlled rollout
    • If KEV is true or EPSS ≥ 0.5, treat as priority 1; otherwise prioritise on exposure and uptime impact
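One way to audit for the affected configuration from `tmsh list ltm virtual` output. This is an added example written for this page, not F5 code or an F5-documented check: it flags virtual servers that reference a classification profile but no HTTP or HTTP/2 profile. Profile type is decided by name lists you pass in (the default profile names `classification`, `http` and `http2` plus any custom ones you find with `tmsh list ltm profile http`, `tmsh list ltm profile http2` and `tmsh list ltm profile classification`), so a custom profile name that is missing from the lists will not be classified. The configuration text in `sample_config` is a constructed sample in tmsh list layout, not output from a real device, and the function name and the output layout it assumes (one profile per line under `profiles {`, partition-qualified names possible) are assumptions to check against your own output.

```shell
#!/bin/sh
# Added example for this page, not F5 code. Assumes `tmsh list ltm virtual`
# layout: "ltm virtual <name> {", a "    profiles {" block with one profile
# per line, "    }" closing that block and "}" closing the virtual server.

# $1: space-separated names of HTTP and HTTP/2 profiles
# $2: space-separated names of classification profiles
# stdin: output of `tmsh list ltm virtual`
# stdout: one virtual server name per line that has a classification
#         profile but no HTTP or HTTP/2 profile (the configuration the
#         advisory describes)
find_unguarded_classification_vs() {
    awk -v http_names="$1" -v cls_names="$2" '
    BEGIN {
        n = split(http_names, h, " "); for (i = 1; i <= n; i++) is_http[h[i]] = 1
        n = split(cls_names, c, " ");  for (i = 1; i <= n; i++) is_cls[c[i]] = 1
    }
    # start of a virtual server: remember its name, reset per-VS state
    $1 == "ltm" && $2 == "virtual" { vs = $3; in_profiles = 0; has_cls = 0; has_http = 0; next }
    $1 == "profiles" && $2 == "{" { in_profiles = 1; next }
    $0 == "    }"                   { in_profiles = 0; next }
    in_profiles {
        name = $1; sub(/^.*\//, "", name)   # drop a /Partition/ prefix if present
        if (name in is_cls)  has_cls = 1
        if (name in is_http) has_http = 1
    }
    # end of the virtual server: report it only if it has the risky combination
    $0 == "}" { if (vs != "" && has_cls && !has_http) print vs; vs = "" }
    '
}

# Constructed sample in `tmsh list ltm virtual` layout (not from a real device).
# vs_api and vs_h2 pair classification with an HTTP/HTTP2 profile; vs_legacy and
# vs_pem do not; vs_plain has no classification profile at all.
sample_config() {
    cat <<'EOF'
ltm virtual vs_api {
    destination 10.1.1.10:443
    ip-protocol tcp
    profiles {
        classification { }
        http { }
        tcp { }
    }
}
ltm virtual vs_legacy {
    destination 10.1.1.11:8080
    ip-protocol tcp
    profiles {
        classification { }
        tcp { }
    }
}
ltm virtual vs_h2 {
    destination 10.1.1.12:443
    ip-protocol tcp
    profiles {
        /Common/classification_pem { }
        http-xff { }
        http2 { }
        tcp { }
    }
}
ltm virtual vs_pem {
    destination 10.1.1.13:80
    ip-protocol tcp
    profiles {
        /Common/classification_pem { }
        fastL4 { }
    }
}
ltm virtual vs_plain {
    destination 10.1.1.14:80
    ip-protocol tcp
    profiles {
        tcp { }
    }
}
EOF
}

# Stand-alone run against the sample: prints vs_legacy and vs_pem.
# On a device, replace `sample_config` with `tmsh list ltm virtual`.
sample_config | find_unguarded_classification_vs "http http2 http-xff" "classification classification_pem"
```

Pass every HTTP, HTTP/2 and classification profile name on the box, including custom ones; the second assertion in the check below shows that a custom classification profile left out of the list (classification_pem) silently goes unreported.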
