CVE-2025-41399

7.5 HIGH

📋 TL;DR

This vulnerability lets an unauthenticated attacker exhaust memory on an F5 BIG-IP system by sending specially crafted SCTP requests to a virtual server that has an SCTP profile configured. Only BIG-IP systems running a vulnerable version with an SCTP-enabled virtual server are affected; systems that have reached End of Technical Support (EoTS) were not evaluated and may still be vulnerable.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Specific versions not disclosed in public advisory; refer to vendor documentation
Operating Systems: F5 TMOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when SCTP profile is configured on a virtual server. Systems that have reached End of Technical Support (EoTS) are not evaluated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system outage due to memory exhaustion, leading to denial of service for all services on the affected BIG-IP device.

🟠 Likely Case

Degraded performance and potential service disruption for applications using SCTP virtual servers, requiring a system reboot to restore functionality.

🟢 If Mitigated

Minimal impact if SCTP is not used or if proper rate limiting and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access to SCTP-enabled virtual servers. No authentication required to trigger the memory exhaustion.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000137709 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000137709

Restart Required: Yes

Instructions:

1. Review F5 advisory K000137709 for affected versions.
2. Download and apply the appropriate patch from F5 Downloads.
3. Schedule a maintenance window for the restart.
4. Verify patch application and monitor system stability.

🔧 Temporary Workarounds

1. Disable SCTP virtual servers (applies to: all)

Remove SCTP profiles from virtual servers if SCTP functionality is not required:

tmsh modify ltm virtual <virtual_server_name> profiles delete { sctp }

2. Implement rate limiting (applies to: all)

Configure connection rate limiting on SCTP virtual servers:

tmsh modify ltm virtual <virtual_server_name> rate-limit <limit_value>

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to SCTP virtual servers
  • Deploy additional monitoring for memory utilization on BIG-IP systems

🔍 How to Verify

Check if Vulnerable:

Check whether any virtual servers have SCTP profiles configured:

tmsh list ltm virtual one-line | grep sctp

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify that the running version matches a fixed version listed in the advisory:

tmsh show sys version
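The `grep sctp` check above returns whole configuration lines and also matches any virtual server that merely has "sctp" in its name. The script below is an added example, not part of the advisory or of F5's tooling: it reads the output of `tmsh list ltm virtual one-line` and reports only the virtual servers whose `ip-protocol` is `sctp`, together with their destination, which is the list of names the workaround commands would take as `<virtual_server_name>`. The embedded listing is constructed to approximate the one-line format and was not captured from a real device.

```shell
#!/bin/sh
# Added example (not from the advisory or F5): report BIG-IP virtual servers that
# use SCTP, from the output of `tmsh list ltm virtual one-line`.
# Assumes the one-line format "ltm virtual <name> { ... ip-protocol sctp ... }".

# Constructed sample listing that approximates the one-line format; it was not
# captured from a real device. Two of the three virtual servers use SCTP.
SAMPLE_LISTING='ltm virtual /Common/vs_diameter { destination /Common/10.0.0.5:3868 ip-protocol sctp mask 255.255.255.255 profiles { /Common/sctp { } } source 0.0.0.0/0 }
ltm virtual /Common/vs_web { destination /Common/10.0.0.6:443 ip-protocol tcp mask 255.255.255.255 profiles { /Common/http { } /Common/tcp { } } source 0.0.0.0/0 }
ltm virtual /Common/vs_sctp_custom { destination /Common/10.0.0.7:9000 ip-protocol sctp mask 255.255.255.255 profiles { /Common/my_sctp_profile { context all } } source 0.0.0.0/0 }'

# sctp_virtuals: read a one-line listing on stdin and print "<name> <destination>"
# for every virtual server whose ip-protocol is sctp. Matching the property rather
# than grepping for "sctp" anywhere avoids flagging TCP virtual servers that only
# carry "sctp" in their name.
sctp_virtuals() {
  awk '
    /^ltm virtual / && / ip-protocol sctp / {
      name = $3
      dest = "?"
      for (i = 1; i <= NF; i++) if ($i == "destination") dest = $(i + 1)
      print name, dest
    }'
}

# sctp_virtual_count: number of SCTP virtual servers in a listing read on stdin.
sctp_virtual_count() {
  sctp_virtuals | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample. On a BIG-IP, pipe live output
# from the advanced shell instead:  tmsh list ltm virtual one-line | sctp_virtuals
printf '%s\n' "$SAMPLE_LISTING" | sctp_virtuals
```

An empty result means no virtual server is configured for SCTP and the device is outside the vulnerable configuration described above; a non-empty result lists the virtual servers to patch, rate-limit, or take out of service.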

📡 Detection & Monitoring

Log Indicators:

  • Rapid increase in memory utilization
  • SCTP connection spikes
  • System performance degradation alerts

Network Indicators:

  • Unusual SCTP traffic patterns to virtual servers
  • High volume of SCTP connections

SIEM Query:

source="bigip_logs" AND ("memory high" OR ("sctp" AND "connection spike"))

The inner parentheses make the intended grouping explicit. In query languages where AND binds more tightly than OR (Splunk SPL, for example) the ungrouped form parses the same way, but spelling the grouping out avoids depending on the precedence rules of a particular SIEM.
