F5 BIG-IP Advanced WAF
Easy fix3 remedies
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*
Easy fix3 remedies
- 17.5.0
- ~17.1
F5 BIG-IP Advanced WAF and ASM Denial-of-Service Vulnerability
Vulnerability
Patched
A denial-of-service vulnerability has been identified in F5 BIG-IP Advanced WAF and ASM. When a security policy is active on a virtual server, certain undisclosed requests can lead to the termination of the 'bd' process. This disruption causes a temporary outage as the process restarts, allowing remote, unauthenticated attackers to interfere with traffic on the BIG-IP system.
Impact
Exploitation of this vulnerability disrupts traffic by causing the 'bd' process to terminate and restart, leading to a temporary denial-of-service condition on the BIG-IP system.
Remediation
Users can upgrade to BIG-IP versions 17.5.1 or 17.1.3 to address this vulnerability. For BIG-IP 15.x users, version 15.1.10.8 is available. F5 also recommends configuring BIG-IP systems with high availability to mitigate the impact of this vulnerability.
Added: Oct 15, 2025, 4:28 PM
Updated: Oct 15, 2025, 4:28 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
2.5exploitability
7.6remediation
7.9relevance
0.7threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.