CVE Alert: CVE-2025-46706 – F5 – BIG-IP
CVE-2025-46706
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Summary Analysis
Risk verdict
High risk of remote denial-of-service via memory resource exhaustion on BIG-IP deployments where an iRule uses HTTP::respond; currently no active exploitation detected.
Why this matters
Uncontrolled memory growth can degrade or disable services, impacting availability and user experience. Realistic attacker goals include degrading performance or triggering outages on internet-facing or internal applications, especially in environments relying on iRules for traffic shaping.
Most likely attack path
Remote, unauthenticated exploitation over the network against a virtual server containing an iRule with HTTP::respond. No user interaction required; attacker capitalises on low attack complexity and unauthenticated access to trigger resource growth. Preconditions include: an affected BIG-IP instance with the vulnerable iRule in use; unchanged scope; no privileges required.
Who is most exposed
Organizations deploying BIG-IP in public-facing or critical internal services, particularly where iRules are heavily used and where older or unsupported software branches are still running. Environments with large, shared virtual servers or high request rates are at higher risk.
Detection ideas
- Sudden spikes in memory/CPU usage on affected BIG-IP devices.
- Alerts for unusual HTTP::respond usage in iRules or anomalous response sizes.
- Logs showing repeated HTTP::respond hits on a virtual server.
- Performance monitoring showing degraded availability without other root causes.
- Unexpected crash dumps or failovers linked to iRule processing.
Mitigation and prioritisation
- Patch to supported versions; apply vendor-recommended updates promptly.
- Review and remove or disable non-essential iRules containing HTTP::respond; implement strict change control.
- Enable rate limiting, WAF rules, or traffic throttling around vulnerable endpoints.
- Validate configurations in non-production environments before rollout; plan a staged update.
- Monitor memory utilisation and set alerts for early signs of resource pressure.
- If KEV or EPSS indicators emerge, treat as priority 1.
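To support the review step above (finding which virtual servers actually carry an iRule that calls HTTP::respond), here is an added inventory script that is not part of this alert or of F5's tooling. It assumes a bigip.conf-style text export in tmsh layout, parses it by brace depth, and reports each virtual server together with the attached iRules that contain HTTP::respond; the sample configuration is constructed for the example.

```python
import re

# Constructed bigip.conf-style sample in tmsh layout, not taken from the advisory.
SAMPLE_CONF = """\
ltm rule /Common/respond_rule {
    when HTTP_REQUEST {
        HTTP::respond 200 content "OK"
    }
}
ltm rule /Common/log_only {
    when HTTP_REQUEST { log local0. "req [HTTP::uri]" }
}
ltm virtual /Common/vs_web {
    rules { /Common/respond_rule /Common/log_only }
}
ltm virtual /Common/vs_api {
    rules { /Common/log_only }
}
"""

HEADER = re.compile(r"^ltm (rule|virtual) (\S+) \{$")

def split_objects(conf: str) -> dict[str, dict[str, str]]:
    # Collect {'rule': {name: body}, 'virtual': {name: body}} by tracking brace
    # depth; braces inside quoted strings are not handled (assumption).
    objs = {"rule": {}, "virtual": {}}
    kind, name, depth, body = None, "", 0, []
    for line in conf.splitlines():
        if kind is None:
            if m := HEADER.match(line):
                kind, name, depth, body = m.group(1), m.group(2), 1, []
            continue
        depth += line.count("{") - line.count("}")
        if depth == 0:            # closing brace of the top-level object
            objs[kind][name], kind = "\n".join(body), None
        else:
            body.append(line)
    return objs

def virtuals_using_respond(conf: str) -> dict[str, list[str]]:
    # Map each virtual server to its attached iRules that call HTTP::respond,
    # i.e. the configuration the advisory says exposes the memory issue.
    objs = split_objects(conf)
    risky = {n for n, b in objs["rule"].items() if re.search(r"\bHTTP::respond\b", b)}
    result = {}
    for vs, body in objs["virtual"].items():
        m = re.search(r"rules \{(.*?)\}", body, re.S)
        hits = [r for r in (m.group(1).split() if m else []) if r in risky]
        if hits:
            result[vs] = hits
    return result
```

Run it over a real export with `virtuals_using_respond(open("bigip.conf").read())`; virtual servers it lists are the ones to prioritise for patching or iRule review.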