CVE-2025-22891

Summary

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP17.1.0 < 17.1.2affected
F5BIG-IP16.1.0 < 16.1.5affected
F5BIG-IP15.1.0 < *affected

Weaknesses

  • CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References