F5 BIG-IP Next CNF
Easy fix2 remedies
cpe:2.3:a:f5:big-ip_next:*:*:*:*:*:*:*
Easy fix2 remedies
- >= 1.1.0, <= 1.4.0
F5 BIG-IP and BIG-IP Next CNF DNS Cache Denial-of-Service Vulnerability
Vulnerability
Patched
A denial-of-service vulnerability has been identified in F5 BIG-IP and BIG-IP Next CNF virtual servers with DNS cache enabled. Undisclosed DNS queries can lead to increased memory usage, causing system performance to degrade. This issue affects several different versions and branches of BIG-IP, while BIG-IQ Centralized Management is not vulnerable.
Impact
Exploitation of this vulnerability can degrade system performance, causing the Traffic Management Microkernel (TMM) process to crash or require a manual restart. This issue leads to a denial-of-service condition on the BIG-IP system.
Remediation
Users can upgrade to versions 17.1.2.2, 16.1.6, or 15.1.10.8, depending on their current BIG-IP version. For BIG-IP Next CNF, no specific version is listed, but users should consult F5's guidance on managing product hotfixes. F5 also recommends configuring BIG-IP systems with high availability to mitigate the impact of this vulnerability.
Added: Oct 15, 2025, 2:24 PM
Updated: Oct 15, 2025, 2:24 PM
Vulnerability Rating
Custom Algorithm
spread
2.2impact
2.5exploitability
7.6remediation
7.9relevance
0.7threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.