Primary

Context

F5 BIG-IP APM Portal Access Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in F5 BIG-IP APM portal access virtual servers. When a per-request policy is applied, certain undisclosed traffic can lead to the termination of the Traffic Management Microkernel (TMM) process. This disruption causes a temporary outage as the TMM process restarts, allowing remote, unauthenticated attackers to interfere with BIG-IP system operations.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, leading to temporary service outages.

Remediation

Users can upgrade to BIG-IP APM versions 17.5.1.3 or 17.1.3 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Oct 15, 2025, 2:18 PM

Updated: Oct 15, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.6

remediation

7.9

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP APM Portal Access Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

F5 BIG-IP APM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating