Primary

Context

F5 BIG-IP APM Access Profile Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when the Access Policy Manager (APM) Access Profile is enabled on a virtual server. Undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM) process, causing a disruption as TMM restarts. This issue allows remote, unauthenticated attackers to disrupt traffic on the BIG-IP system.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, which are temporarily halted until the process restarts.

Remediation

Users can upgrade to BIG-IP versions 17.1.2, 16.1.5, or consult the F5 BIG-IP hotfix and point release matrix for guidance. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP APM Access Profile Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating