F5 BIG-IP SSL Orchestrator
Moderate fix3 remedies
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*
Moderate fix3 remedies
- >= 17.1.0, <= 17.1.2
- >= 16.1.0, <= 16.1.5
- >= 15.1.0, <= 15.1.10
F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability Leading to Denial-of-Service
Vulnerability
Patched
A memory corruption vulnerability has been identified in F5 BIG-IP SSL Orchestrator versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.5, and 17.1.0 through 17.1.2. This vulnerability occurs when the explicit forward proxy is enabled on a virtual server, allowing undisclosed traffic to cause memory corruption. The resulting impact can degrade system performance, causing the Traffic Management Microkernel (TMM) process to crash or require a manual restart.
Impact
Exploitation of this vulnerability can lead to a degradation of service, causing a denial-of-service condition on the BIG-IP system by disrupting the Traffic Management Microkernel (TMM) process.
Remediation
Users can upgrade to BIG-IP SSL Orchestrator versions 17.1.3, 16.1.6, or 15.1.10.8 to address this vulnerability. For more information about F5 hotfixes and point releases, refer to the F5 BIG-IP hotfix and point release matrix.
Added: Oct 15, 2025, 2:33 PM
Updated: Oct 15, 2025, 2:33 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
2.5exploitability
7.6remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.