CVE-2025-24312
Published: 05 February 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24312 is a denial-of-service vulnerability in F5 BIG-IP Advanced Firewall Manager (AFM). It affects systems where the IPS module is provisioned and enabled, and a protocol inspection profile is configured on a virtual server, firewall rule, or policy. Undisclosed traffic can trigger a significant increase in CPU resource utilization, classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Software versions that have reached End of Technical Support (EoTS) are not evaluated.
Unauthenticated attackers with network access can exploit this vulnerability by sending the undisclosed traffic, which requires low attack complexity and no user interaction. Exploitation leads to high availability impact through CPU exhaustion, potentially causing denial of service on the affected BIG-IP AFM system.
The F5 advisory provides further details on the issue, available at https://my.f5.com/manage/s/article/K000141380.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote unauthenticated DoS vulnerability in the public-facing F5 BIG-IP AFM (with IPS/protocol inspection enabled) triggered by specific network traffic causing CPU exhaustion. This directly enables exploitation of a public-facing application (T1190) to achieve endpoint denial of service via application/system exploitation (T1499.004).