F5 BIG-IP PEM
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*
- 21.0.0
- 17.5.0 - 17.5.1
- 17.1.0 - 17.1.3
- 16.1.0 - 16.1.6
A denial-of-service vulnerability has been identified in F5 BIG-IP PEM when iRules are applied to a virtual server. This issue arises from certain iRule commands related to traffic classification and URL query manipulation. Under specific, undisclosed traffic conditions, this vulnerability can cause the Traffic Management Microkernel (TMM) to crash, disrupting service until the process is restarted.
A remote, unauthenticated attacker can exploit this vulnerability to cause a denial-of-service condition on the BIG-IP system: the TMM crashes and service is disrupted while the process restarts. Only the data plane is affected.
Users can upgrade to BIG-IP versions 21.0.0.1, 17.5.1.4, or 17.1.3.1 to address this vulnerability. This page lists no fixed release for the 16.1.x branch. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.