Primary

Context

F5 BIG-IP IPsec Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when IPsec is configured. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, disrupting traffic until the TMM process restarts. This issue allows a remote, unauthenticated attacker to cause a DoS on the BIG-IP system, affecting only the data plane.

Impact

Exploitation of this vulnerability disrupts traffic by causing the TMM process to terminate and restart, leading to a temporary denial-of-service condition on the BIG-IP system.

Remediation

Users can upgrade to a fixed version. For BIG-IP Next CNF and BIG-IP Next for Kubernetes, the fixed version is 2.1.0-EHF-1. For BIG-IP, the fixed versions are 17.5.1, 17.1.3, 16.1.6.1, and 15.1.10.8. F5 recommends configuring BIG-IP systems with high availability to lessen the impact of this vulnerability.

Added: Oct 15, 2025, 4:31 PM

Updated: Oct 15, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP IPsec Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

F5 BIG-IP Next

F5 BIG-IP Next CNF

F5 BIG-IP Next for Kubernetes

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating