CVE Alert: CVE-2025-55036 – F5 – BIG-IP

CVE-2025-55036

HIGH · No exploitation known

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor: F5
Product: BIG-IP
Versions: 17.5.0 lt * | 17.1.0 lt 17.1.3 | 16.1.0 lt 16.1.6 | 15.1.0 lt 15.1.10.8
CWE: CWE-787: Out-of-bounds Write
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: 2025-10-15T13:55:46.932Z
Updated: 2025-10-16T03:56:34.423Z

AI Summary Analysis

Risk verdict

High risk: network-accessible memory corruption vulnerability in the forward proxy feature with no user interaction; exploitation not observed to date.

Why this matters

The flaw allows undisclosed traffic to corrupt memory and affect availability, potentially causing crashes or instability in the proxy path. Because no authentication or user action is required, any internet- or network-facing deployment could be targeted to disrupt services or enable further abuse.

Most likely attack path

An attacker only needs network access to a virtual server that has the explicit forward proxy configured and the proxy connect feature enabled. With low attack complexity and no privileges required, crafted traffic could trigger memory corruption, leading to disruption or potential remote impact on the appliance. Lateral movement would be limited by the lack of built-in credentials, but a successful exploit could enable persistence or broader DoS in constrained environments.

Who is most exposed

Enterprises deploying the forward proxy in internet-facing or demilitarised environments, or in multi-tenant/cloud setups where the proxy is reachable by external or semi-trusted networks, are most at risk. Such configurations are common in large-scale deployments where explicit forward proxy traffic passes through central gateways.

Detection ideas

  • Sudden proxy/device crashes or restart events and crash dumps in system logs.
  • Unusual memory/CPU spikes around the proxy service.
  • Anomalous network traffic to the forward proxy path, including malformed requests.
  • Memory corruption alerts or fault codes raised in the SIEM or referenced in vendor advisories; correlate with proxy connect usage.

Mitigation and prioritisation

  • Patch to the latest supported release; verify both forward proxy and proxy connect components are covered.
  • If possible, disable the explicit forward proxy configuration or the proxy connect feature until patched.
  • Ensure deployments are within supported lifecycle (no EoTS), and apply change-management with testing in staging before production.
  • Strengthen network controls: restrict access to the proxy, implement segment routes, and deploy WAF/IPS rules to monitor anomalous traffic.
  • Reassess exposure in high-risk environments and implement regular, proactive health monitoring for the proxy service.
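
To prioritise patching, an inventory can be checked against the ranges in the Versions field above. The following is an added example, not vendor or site code; it assumes "lt" means "less than" and "*" means no upper bound is listed, and the hostnames and inventory versions are constructed.

```python
import re

# Affected ranges copied from the "Versions" field of this page.
# Assumption: "lt" means "less than"; "*" means no upper bound is listed.
AFFECTED = "17.5.0 lt * | 17.1.0 lt 17.1.3 | 16.1.0 lt 16.1.6 | 15.1.0 lt 15.1.10.8"


def parse_version(text, width=4):
    """Turn '17.1.3' into (17, 1, 3, 0); zero-padding makes 17.1.3 == 17.1.3.0."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (width - len(parts))


def parse_ranges(spec):
    """Parse 'A lt B | C lt D' into (low, high) tuples; high is None for '*'."""
    ranges = []
    for chunk in spec.split("|"):
        low, op, high = chunk.split()
        if op != "lt":
            raise ValueError(f"unsupported operator: {op!r}")
        ranges.append((parse_version(low),
                       None if high == "*" else parse_version(high)))
    return ranges


def is_affected(version, ranges):
    """True when low <= version < high for any listed branch."""
    v = parse_version(version)
    return any(low <= v and (high is None or v < high) for low, high in ranges)


def triage(inventory, spec=AFFECTED):
    """Map each host to 'affected' or 'not listed' for the given ranges."""
    ranges = parse_ranges(spec)
    return {host: "affected" if is_affected(ver, ranges) else "not listed"
            for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"proxy-a": "17.1.2", "proxy-b": "17.1.3", "proxy-c": "15.1.10.7",
          "proxy-d": "16.1.6.1", "proxy-e": "14.1.5"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {SAMPLE[host]:10} {status}")
```

A result of "not listed" is not the same as unaffected: versions that have reached EoTS are not evaluated, so hosts on older branches still need a lifecycle check. Any version at or above the start of a branch marked "*" is reported as affected because the page lists no fixed release for it.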
