Primary

Context

F5 BIG-IP Multipath TCP Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server. Under certain undisclosed traffic conditions, which are beyond the attacker's control, the Traffic Management Microkernel (TMM) may terminate, disrupting service. This issue affects BIG-IP versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.5, and 17.1.0 through 17.1.2.

Impact

Exploitation of this vulnerability causes the TMM process to terminate, disrupting traffic until the process restarts, thereby creating a denial-of-service condition on the BIG-IP system.

Remediation

Users can upgrade to BIG-IP versions 15.1.10.8, 16.1.6, or 17.1.2.2, depending on their current version. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Oct 15, 2025, 2:40 PM

Updated: Oct 15, 2025, 2:40 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP Multipath TCP Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

F5 BIG-IP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating