CVE-2025-24319
📋 TL;DR
This vulnerability allows attackers to send specific API requests to BIG-IP Next Central Manager that cause its Kubernetes service to crash, resulting in denial of service. This affects organizations running vulnerable versions of BIG-IP Next Central Manager for managing their F5 infrastructure.
💻 Affected Systems
- F5 BIG-IP Next Central Manager
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of BIG-IP Next Central Manager functionality, preventing management of BIG-IP Next instances and potentially cascading to affect managed services.
Likely Case
Temporary service interruption requiring manual restart of the Central Manager Kubernetes service, causing management downtime.
If Mitigated
Limited impact with proper network segmentation and API access controls preventing unauthorized requests.
🎯 Exploit Status
The specific API requests that trigger the crash have not been disclosed, which suggests that ordinary HTTP requests to the API could cause the issue. No authentication bypass has been mentioned.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 20.2.0 and later
Vendor Advisory: https://my.f5.com/manage/s/article/K000148412
Restart Required: Yes
Instructions:
1. Back up the Central Manager configuration.
2. Upgrade to BIG-IP Next Central Manager 20.2.0 or later.
3. Verify service functionality after the upgrade.
🔧 Temporary Workarounds
Restrict API Access
Limit network access to Central Manager API endpoints to trusted management networks only
Configure firewall rules to restrict access to Central Manager API ports (typically 443)
API Rate Limiting
Implement rate limiting on API requests to prevent rapid exploitation attempts
Configure API gateway or load balancer to limit request rates to Central Manager
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Central Manager from untrusted networks
- Monitor Central Manager service health and implement automated restart procedures for service recovery
🔍 How to Verify
Check if Vulnerable:
Check Central Manager version via web UI or API. Versions below 20.2.0 are vulnerable.
Check Version (the -k flag disables TLS certificate verification; omit it once the management certificate is trusted):
curl -k https://<central-manager-ip>/api/v1/system/version
Verify Fix Applied:
After upgrading to 20.2.0 or later, verify that the Central Manager Kubernetes service remains stable under normal API usage.
📡 Detection & Monitoring
Log Indicators:
- Kubernetes service termination logs
- Central Manager API error logs showing unexpected requests
- Service restart events in system logs
Network Indicators:
- Unusual API request patterns to Central Manager endpoints
- Sudden drop in Central Manager API responses
SIEM Query:
source="central-manager-logs" AND ("service terminated" OR "kubelet restart" OR "pod crash")
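The version check in "How to Verify" and the log indicators in "Detection & Monitoring" can be scripted together. The following is an added example and is not part of the F5 advisory or the Central Manager product: it compares a reported version against the 20.2.0 fix threshold and scans log lines for the same indicator phrases used in the SIEM query above. The JSON response shape (a top-level "version" field) and the sample log lines are constructed assumptions for illustration; adapt the parser to whatever the real endpoint returns.

```python
"""Added example: version check and log indicator scan for CVE-2025-24319.

Assumptions (not from the advisory): the version endpoint returns a JSON body
with a "version" field, and the log lines below are constructed samples.
"""
import json
import re
from typing import Iterable

# First fixed release according to the advisory section above.
FIXED_VERSION = (20, 2, 0)

# Same indicator phrases as the SIEM query; case-insensitive so "Pod crash"
# and "pod crash" both match.
INDICATORS = re.compile(r"service terminated|kubelet restart|pod crash", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Extract a dotted numeric version from strings like '20.1.0' or '20.1.0-1234'."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so '20.2' compares like '20.2.0'.
    return parts + (0,) * (3 - len(parts)) if len(parts) < 3 else parts


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version is below 20.2.0 (numeric, not string, comparison)."""
    return parse_version(version_text)[:3] < FIXED_VERSION


def version_from_response(body: str) -> str:
    """Pull the version field from the assumed JSON body of /api/v1/system/version."""
    data = json.loads(body)
    return str(data["version"])


def find_indicators(lines: Iterable[str]) -> list:
    """Return the log lines that match a crash or restart indicator."""
    return [line for line in lines if INDICATORS.search(line)]


# Constructed sample data (not real Central Manager output).
SAMPLE_RESPONSE = '{"version": "20.1.0"}'
SAMPLE_LOGS = [
    "2025-02-05T10:12:01Z kubelet[1234]: Pod crash detected for central-manager-api",
    "2025-02-05T10:12:02Z systemd[1]: kubernetes.service: Service terminated with signal SIGABRT",
    "2025-02-05T10:12:05Z systemd[1]: Scheduling kubelet restart after failure",
    "2025-02-05T10:13:00Z nginx: 200 GET /api/v1/system/version",
]


def assess(response_body: str, logs: Iterable[str]) -> dict:
    """Combine both checks into one result for a ticket or dashboard."""
    version = version_from_response(response_body)
    return {
        "version": version,
        "vulnerable": is_vulnerable(version),
        "indicator_hits": find_indicators(logs),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_RESPONSE, SAMPLE_LOGS)
    print(f"Central Manager version {result['version']}: "
          f"{'VULNERABLE, upgrade to 20.2.0+' if result['vulnerable'] else 'fixed'}")
    for hit in result["indicator_hits"]:
        print("indicator:", hit)
```

Note that the comparison is done on integer tuples rather than strings, so a future 20.10.0 release is correctly treated as newer than 20.2.0. Run the indicator scan over the Central Manager logs you already ship to the SIEM rather than over the constructed sample.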