CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000139571	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions::::::::
	cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes::::::::
	cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes::::::::

History

06 Aug 2025, 18:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:::::::: cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_analytics::::::::
First Time		F5 big-ip Domain Name System F5 big-ip Application Security Manager F5 big-ip Link Controller F5 big-ip Access Policy Manager F5 big-ip Application Acceleration Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Fraud Protection Service F5 F5 big-ip Local Traffic Manager F5 big-ip Advanced Firewall Manager F5 big-ip Policy Enforcement Manager F5 big-ip Next Cloud-native Network Functions F5 big-ip Analytics F5 big-ip Global Traffic Manager
References	~~() https://my.f5.com/manage/s/article/K000139571 -~~	() https://my.f5.com/manage/s/article/K000139571 - Vendor Advisory

08 May 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) Cuando se configura un perfil HTTP con la opción "Exigir cumplimiento de RFC" en un servidor virtual, las solicitudes no divulgadas pueden provocar la finalización del microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han alcanzado el fin del soporte técnico (EoTS) no se evalúan.

07 May 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 22:15

Updated : 2025-08-06 18:14

NVD link : CVE-2025-36557

Mitre link : CVE-2025-36557

CVE.ORG link : CVE-2025-36557

JSON object : View

Products Affected

big-ip_fraud_protection_service
big-ip_global_traffic_manager
big-ip_link_controller
big-ip_analytics
big-ip_next_service_proxy_for_kubernetes
big-ip_next_cloud-native_network_functions
big-ip_advanced_firewall_manager
big-ip_policy_enforcement_manager
big-ip_access_policy_manager
big-ip_application_security_manager
big-ip_domain_name_system
big-ip_local_traffic_manager
big-ip_application_acceleration_manager

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.5 /10