VDB

CISA-2025-36504

CISA-2025-36504 PUBLISHED CVSS 7.5 HIGH

Reported by f5 · Published May 7, 2025

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
F5BIG-IP17.5.0, 17.1.0, 16.1.0
F5BIG-IP Next20.2.0
F5BIG-IP Next SPK1.8.0, 1.7.0
F5BIG-IP Next CNF1.1.0, 1.1.0
F5BIG-IP Next20.2.0, 20.2.0
F5BIG-IP Next SPK1.8.0, 1.7.0, 1.8.0
F5BIG-IP Next CNF1.1.0, 1.1.0, 1.1.0
F5BIG-IP16.1.0, 17.1.0, 15.1.0

Timeline

  • May 7, 2025 CVE Published
  • May 8, 2025 CVE Updated

References

  • vendor-advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›