CVE-2025-22891

BIG-IP PEM Vulnerability

CVSS 8.7 HIGHEPSS 0.4%CWE-772

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 0.4%KEV nãoPoC —Patch referenciado

Lifecycle

05 Feb 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected products

F5 · BIG-IP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://my.f5.com/manage/s/article/K000139778