Primary

Context

F5 BIG-IP PEM Traffic Management Microkernel Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in F5 BIG-IP PEM systems licensed with URL categorization. When the URL categorization policy or an iRule using the urlcat command is active on a virtual server, certain undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM) process. This disruption causes a temporary outage as the TMM process restarts.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, leading to a temporary loss of service.

Remediation

F5 has released an engineering hotfix for this vulnerability, available through the MyF5 Downloads page. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP PEM Traffic Management Microkernel Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

F5 BIG-IP PEM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating