VDB
CISA-2025-36504
CISA-2025-36504
PUBLISHED
CVSS 7.5 HIGH
Reported by f5 · Published May 7, 2025
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP | 17.5.0, 17.1.0, 16.1.0 |
| F5 | BIG-IP Next | 20.2.0 |
| F5 | BIG-IP Next SPK | 1.8.0, 1.7.0 |
| F5 | BIG-IP Next CNF | 1.1.0, 1.1.0 |
| F5 | BIG-IP Next | 20.2.0, 20.2.0 |
| F5 | BIG-IP Next SPK | 1.8.0, 1.7.0, 1.8.0 |
| F5 | BIG-IP Next CNF | 1.1.0, 1.1.0, 1.1.0 |
| F5 | BIG-IP | 16.1.0, 17.1.0, 15.1.0 |
Timeline
- May 7, 2025 CVE Published
- May 8, 2025 CVE Updated