Cyber Posture

CVE-2025-21091

High

Published: 05 February 2025

Published
05 February 2025
Modified
21 October 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0063 70.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Security Summary

CVE-2025-21091 affects F5 BIG-IP systems when SNMP v1 or v2c are disabled, allowing undisclosed requests to cause an increase in memory resource utilization. This vulnerability, published on 2025-02-05, is classified under CWE-401 (Memory Leak) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for availability impact.

Unauthenticated attackers with network access can exploit this issue with low attack complexity and no user interaction required. Exploitation involves sending the undisclosed requests, leading to memory exhaustion and potential denial-of-service conditions on the affected BIG-IP system.

Mitigation details are available in the F5 security advisory at https://my.f5.com/manage/s/article/K000140933. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated.

Details

CWE(s)
CWE-401

Affected Products

f5
big-ip access policy manager
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip advanced firewall manager
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip advanced web application firewall
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip analytics
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip application acceleration manager
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip application security manager
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip application visibility and reporting
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip automation toolchain
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip carrier-grade nat
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
f5
big-ip container ingress services
15.1.0 — 15.1.10 · 16.1.0 — 16.1.6 · 17.1.0 — 17.1.2
+11 more product configuration(s) — see NVD for full list

References