CVE-2025-47150
📋 TL;DR
This vulnerability allows an attacker who can reach the SNMP service on F5OS Appliance and Chassis systems to send specific (undisclosed) SNMP requests that cause excessive memory consumption, potentially leading to denial of service. It affects systems that have SNMP configured and are running a vulnerable F5OS version. Systems with SNMP not configured are not affected. Versions that have reached end of technical support are not evaluated by F5 and should not be assumed safe.
💻 Affected Systems
- F5OS Appliance
- F5OS Chassis systems
📦 What is this software?
F5OS is the platform operating system for F5's rSeries appliances (F5OS-A) and VELOS chassis (F5OS-C). It hosts BIG-IP tenants and exposes platform management services, including SNMP for monitoring, on the management interface.
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to memory exhaustion, causing service disruption for all applications running on the affected F5 device.
Likely Case
Degraded performance and potential service interruptions as SNMP memory consumption increases, affecting monitoring and management capabilities.
If Mitigated
Minimal impact if SNMP is disabled or proper network controls prevent unauthorized SNMP access.
🎯 Exploit Status
F5 has not disclosed the triggering SNMP requests. An attacker needs network reachability to the SNMP service on the affected system (UDP 161, normally on the management interface) and knowledge of the requests that trigger the memory growth.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to vendor advisory K000149820 for specific fixed versions
Vendor Advisory: https://my.f5.com/manage/s/article/K000149820
Restart Required: Yes, upgrading the F5OS platform image reboots the appliance or chassis controller; plan a maintenance window.
Instructions:
1. Review vendor advisory K000149820 for affected and fixed versions.
2. Upgrade to a patched F5OS version.
3. Verify SNMP functionality after the upgrade.
🔧 Temporary Workarounds
Disable SNMP
Completely remove the SNMP configuration if SNMP is not required for operations.
# Remove SNMP configuration via the F5OS CLI. F5OS enters configuration mode
# with "config" and removes objects with "no"; SNMP objects live under
# "system snmp". The exact object paths vary by F5OS release (assumption),
# so confirm them against the CLI reference for your version.
config
no system snmp communities
no system snmp users
no system snmp targets
commit
Restrict SNMP Access
Limit SNMP access to trusted management networks only.
# Restrict SNMP (UDP 161) on the management interface to trusted hosts.
# F5OS offers an "allowed IPs" control for management services under
# "system allowed-ips"; the object path and arguments below are an assumption,
# verify them against your release's CLI reference. Independently of the
# device setting, filter UDP 161 at the upstream management firewall so only
# the monitoring hosts can reach it.
config
system allowed-ips allowed-ip snmp-noc config ipv4 address <trusted-net> prefix-length <len> port 161
commit
🧯 If You Can't Patch
- Disable SNMP service entirely if not required
- Implement strict network ACLs to limit SNMP access to trusted management IPs only
🔍 How to Verify
Check if Vulnerable:
Check whether SNMP is configured on the F5OS system (any community, user or target under system snmp), then compare the running version with the affected and fixed versions in the vendor advisory. A version from a different branch being numerically higher than a fixed version does not mean it carries the fix; compare within the branch.
Check Version:
show system version
Verify Fix Applied:
Verify system is running patched version from vendor advisory and monitor SNMP memory usage for abnormal patterns.
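The version comparison above is easy to get wrong because F5 fixes land per release branch. The following is an added example, not F5 tooling: it parses constructed text shaped like `show system version` output (the `os-version <ver>-<build>` line format is an assumption) and compares the version against a per-branch table. `EXAMPLE_FIXED_IN` holds made-up values for illustration only; fill the real table from K000149820 before using this.

```python
"""Branch-aware check of an F5OS version against a per-branch fixed-version table.

Added example, not F5 tooling. The CLI text below is CONSTRUCTED to resemble
'show system version' output, and EXAMPLE_FIXED_IN holds made-up values for
illustration only: fill the real table from K000149820 before use.
"""
import re

# Constructed sample (assumption: the line of interest reads "os-version <ver>-<build>")
SAMPLE_CLI_OUTPUT = """\
system version os-version 1.5.1-6530
system version service-version 1.5.1-6530
system version product F5OS-A
"""

# MADE-UP table for illustration. Key = branch (major, minor); value = first fixed
# (major, minor, patch) in that branch, or None when the branch has no fix.
EXAMPLE_FIXED_IN = {
    (1, 5): (1, 5, 2),
    (1, 7): (1, 7, 0),
    (1, 3): None,
}

OS_VERSION_RE = re.compile(r"os-version\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_os_version(cli_output):
    """Return (major, minor, patch, build) parsed from 'show system version' output."""
    m = OS_VERSION_RE.search(cli_output)
    if not m:
        raise ValueError("no os-version line in CLI output")
    major, minor, patch, build = m.groups()
    return int(major), int(minor), int(patch), int(build or 0)


def patch_status(version, fixed_in):
    """Return 'patched', 'vulnerable' or 'unknown'.

    Vendor fixes land per branch, so compare inside the branch only: 1.7.0 being
    a higher number than 1.5.2 says nothing about whether 1.7.0 carries the fix.
    A branch absent from the table (for example one past end of technical
    support) is 'unknown' and is never assumed safe.
    """
    branch = version[:2]
    if branch not in fixed_in:
        return "unknown"
    fix = fixed_in[branch]
    if fix is None or version[:3] < fix:
        return "vulnerable"
    return "patched"


def assess(cli_output, fixed_in=EXAMPLE_FIXED_IN):
    """Parse the CLI output and return (version_tuple, status)."""
    v = parse_os_version(cli_output)
    return v, patch_status(v, fixed_in)


if __name__ == "__main__":
    print(assess(SAMPLE_CLI_OUTPUT))
```

Paste the real output of `show system version` into `assess` and replace the table with the branches and fixed versions listed in the advisory; any branch not in the advisory should stay absent so it reports `unknown` rather than a false `patched`.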
📡 Detection & Monitoring
Log Indicators:
- Unusual SNMP request patterns
- SNMP process memory usage spikes
- System log warnings about memory exhaustion
Network Indicators:
- Unusual SNMP traffic volume from single sources
- SNMP requests to non-standard OIDs
SIEM Query:
source="f5os" AND ("SNMP" AND ("memory" OR "high utilization"))
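The three indicators above (request bursts from one source, requests for OIDs outside the expected subtrees, and snmpd memory growth) are straightforward to turn into detection logic. The script below is an added example, not F5 or vendor tooling. Its inputs are constructed: a list of SNMP request records (timestamp, source, OID) of the kind a collector or a management-port capture would yield, and syslog-style lines carrying a hypothetical `rss_kb=` field. Real F5OS log formats differ, so the regex and the field names are assumptions to adapt.

```python
"""Detection logic for the SNMP indicators above, as an added example (not F5 tooling).

All input data are CONSTRUCTED: pseudo-flow records of SNMP requests and
syslog-style lines with a hypothetical 'snmpd ... rss_kb=' field. Adapt the
regex and thresholds to what your platform and collector actually emit.
"""
import re
from collections import defaultdict

# Constructed SNMP request records: (unix_time, source_ip, requested_oid)
REQUESTS = (
    [(1000 + i, "10.0.0.5", "1.3.6.1.2.1.1.3.0") for i in range(12)]  # normal poller
    + [(1000 + i * 0.1, "192.0.2.77", "1.3.6.1.4.1.12276.1.99.1." + str(i))
       for i in range(300)]  # burst of unusual OIDs from one source
    + [(1100 + i * 5, "10.0.0.6", "1.3.6.1.2.1.2.2.1.10.1") for i in range(10)]
)

# OID subtrees a legitimate poller is expected to use (assumption: tune to your monitoring)
EXPECTED_OID_PREFIXES = ("1.3.6.1.2.1.",)  # MIB-2: system, interfaces, ...

# Constructed syslog-style lines with a hypothetical memory field
LOG_LINES = [
    "2025-07-01T10:00:00Z appliance-1 snmpd[1234]: stats rss_kb=41200",
    "2025-07-01T10:01:00Z appliance-1 snmpd[1234]: stats rss_kb=42000",
    "2025-07-01T10:02:00Z appliance-1 snmpd[1234]: stats rss_kb=131000",
    "2025-07-01T10:03:00Z appliance-1 snmpd[1234]: stats rss_kb=407000",
]


def high_rate_sources(requests, window_s=60, threshold=100):
    """Peak request count per source in any sliding window; returns those over threshold."""
    by_src = defaultdict(list)
    for t, src, _ in requests:
        by_src[src].append(t)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        lo = 0
        peak = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window_s:  # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged


def unexpected_oid_sources(requests, prefixes=EXPECTED_OID_PREFIXES):
    """Sources requesting OIDs outside the expected subtrees, with request counts."""
    counts = defaultdict(int)
    for _, src, oid in requests:
        if not oid.startswith(prefixes):
            counts[src] += 1
    return dict(counts)


RSS_RE = re.compile(r"snmpd\[\d+\]:.*\brss_kb=(\d+)")


def memory_growth_alerts(lines, factor=2.0):
    """Flag consecutive snmpd RSS samples that grow by more than `factor`."""
    alerts = []
    prev = None
    for line in lines:
        m = RSS_RE.search(line)
        if not m:
            continue
        rss = int(m.group(1))
        if prev is not None and rss > prev * factor:
            alerts.append((line.split()[0], prev, rss))  # (timestamp, before, after)
        prev = rss
    return alerts


def run():
    """Evaluate all three indicators over the constructed data."""
    return {
        "high_rate": high_rate_sources(REQUESTS),
        "odd_oids": unexpected_oid_sources(REQUESTS),
        "mem_alerts": memory_growth_alerts(LOG_LINES),
    }


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

On the constructed data the burst source 192.0.2.77 trips both the rate and the OID checks, while the two legitimate pollers stay quiet; the memory check fires twice as snmpd RSS roughly triples between consecutive samples. A single source that fails all three checks at once is the pattern worth paging on.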