CVE-2025-47148

Summary

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP17.5.0 < 17.5.1affected
F5BIG-IP17.1.0 < 17.1.3affected
F5BIG-IP16.1.0 < 16.1.6.1affected
F5BIG-IP15.1.0 < 15.1.10.8affected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References