CVE-2025-54805

MEDIUM EPSS 19.6%
Published Oct 15, 20258mo ago · Modified Jun 17, 20261w ago
6.0 CVSS 4.0
Medium
Find Similar
Published Oct 15, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Details

Base Score
6.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
19.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-401

Affected Products 3

VendorProductVersionRange
f5big-ip_next_cloud-native_network_functions*≥1.1.0  –  ≤1.4.1
f5big-ip_next_for_kubernetes2.0.0any
f5big-ip_next_service_proxy_for_kubernetes*≥1.7.0  –  ≤1.9.2

References 1

  • my.f5.com https://my.f5.com/manage/s/article/K000151596
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.