CVE-2025-20045
Published: 05 February 2025
Description
When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Security Summary
CVE-2025-20045 is a denial-of-service vulnerability affecting the Traffic Management Microkernel (TMM) in F5 BIG-IP systems. It occurs when a SIP session Application Level Gateway (ALG) profile with Passthru Mode enabled, combined with a SIP router ALG profile, is configured on a Message Routing type virtual server. In this scenario, undisclosed traffic triggers a NULL pointer dereference (CWE-476), causing the TMM to terminate. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Software versions that have reached End of Technical Support (EoTS) were not evaluated.
Remote attackers can exploit this vulnerability over the network without authentication or user interaction. By sending the undisclosed traffic to the affected virtual server under the specified SIP ALG configurations, an attacker can cause the TMM to crash, resulting in a denial of service that disrupts traffic processing and potentially requires manual restart or failover.
The F5 security advisory provides details on mitigation and affected versions at https://my.f5.com/manage/s/article/K000138932.
Details
- CWE(s)