CVE-2025-20058

Q: What is the severity of CVE-2025-20058?

CVE-2025-20058 has a CVSS score of 7.5 (HIGH). This vulnerability in F5 BIG-IP message routing profiles allows undisclosed traffic to cause excessive memory consumption, potentially leading to denial of service. It affects BIG-IP systems with message routing profiles configured on virtual servers. Organizations using vulnerable BIG-IP versions with this specific configuration are at risk.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in F5 BIG-IP message routing profiles allows undisclosed traffic to cause excessive memory consumption, potentially leading to denial of service. It affects BIG-IP systems with message routing profiles configured on virtual servers. Organizations using vulnerable BIG-IP versions with this specific configuration are at risk.

💻 Affected Systems

Products:

F5 BIG-IP

Versions: Multiple versions - see F5 advisory for specific affected versions

Operating Systems: F5 TMOS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when a message routing profile is configured on a virtual server. Systems without this specific configuration are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system outage due to memory exhaustion, causing denial of service for all services running on the affected BIG-IP device.

🟠

Likely Case

Degraded performance and intermittent service disruptions as memory resources become constrained.

🟢

If Mitigated

Minimal impact with proper monitoring and resource limits in place, though some performance degradation may still occur.

🌐 Internet-Facing: HIGH - Internet-facing BIG-IP devices with message routing profiles are directly exposed to malicious traffic that could trigger this vulnerability.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but have reduced attack surface compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sending specific traffic patterns to trigger memory consumption. The exact traffic patterns are undisclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000140947 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000140947

Restart Required: No

Instructions:

1. Review F5 advisory K000140947 for affected versions. 2. Upgrade to a fixed version listed in the advisory. 3. No restart required for the patch application.

🔧 Temporary Workarounds

Remove Message Routing Profile

all

Temporarily remove message routing profiles from virtual servers if not required for functionality

tmsh modify ltm virtual <virtual_server_name> profiles delete { <message_routing_profile_name> }

Implement Rate Limiting

all

Configure rate limiting on virtual servers with message routing profiles to limit traffic volume

tmsh create ltm profile rate-shaping <profile_name>

🧯 If You Can't Patch

Implement strict network segmentation to limit traffic to affected virtual servers
Deploy additional monitoring for memory utilization on BIG-IP systems with message routing profiles

🔍 How to Verify

Check if Vulnerable:

Check if any virtual servers have message routing profiles configured using: tmsh list ltm virtual one-line | grep -i message-routing

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify version is updated to a fixed version from the F5 advisory and check memory utilization patterns

📡 Detection & Monitoring

Log Indicators:

Unusual memory consumption spikes in /var/log/ltm
High memory utilization alerts in system logs

Network Indicators:

Abnormal traffic patterns to virtual servers with message routing profiles
Increased packet rates to specific services

SIEM Query:

source="bigip_logs" ("memory" AND "high" AND "utilization") OR ("message-routing" AND "traffic" AND "spike")

📊 Metadata

CVE ID: CVE-2025-20058

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 0.34% exploit probability (56.3th percentile)

Published: February 5, 2025

Last Updated: October 21, 2025

🔗 References

https://my.f5.com/manage/s/article/K000140947 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Big Ip Access Policy Manager by F5

Big Ip Access Policy Manager by F5

Big Ip Access Policy Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Analytics by F5

Big Ip Analytics by F5

Big Ip Analytics by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Visibility And Reporting by F5

Big Ip Application Visibility And Reporting by F5

Big Ip Application Visibility And Reporting by F5

Big Ip Automation Toolchain by F5

Big Ip Automation Toolchain by F5

Big Ip Automation Toolchain by F5

Big Ip Carrier Grade Nat by F5

Big Ip Carrier Grade Nat by F5

Big Ip Carrier Grade Nat by F5

Big Ip Container Ingress Services by F5

Big Ip Container Ingress Services by F5

Big Ip Container Ingress Services by F5

Big Ip Ddos Hybrid Defender by F5

Big Ip Ddos Hybrid Defender by F5

Big Ip Ddos Hybrid Defender by F5

Big Ip Domain Name System by F5

Big Ip Domain Name System by F5

Big Ip Domain Name System by F5

Big Ip Edge Gateway by F5

Big Ip Edge Gateway by F5

Big Ip Edge Gateway by F5

Big Ip Fraud Protection Service by F5

Big Ip Fraud Protection Service by F5

Big Ip Fraud Protection Service by F5

Big Ip Global Traffic Manager by F5

Big Ip Global Traffic Manager by F5

Big Ip Global Traffic Manager by F5

Big Ip Link Controller by F5

Big Ip Link Controller by F5

Big Ip Link Controller by F5

Big Ip Local Traffic Manager by F5

Big Ip Local Traffic Manager by F5

Big Ip Local Traffic Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Ssl Orchestrator by F5

Big Ip Ssl Orchestrator by F5

Big Ip Ssl Orchestrator by F5

Big Ip Webaccelerator by F5

Big Ip Webaccelerator by F5

Big Ip Webaccelerator by F5

Big Ip Websafe by F5

Big Ip Websafe by F5

Big Ip Websafe by F5

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Remove Message Routing Profile

Implement Rate Limiting

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable: