CVE-2025-48008

Q: What is the severity of CVE-2025-48008?

CVE-2025-48008 has a CVSS score of 7.5 (HIGH). This vulnerability affects F5 BIG-IP systems with TCP profiles configured with Multipath TCP (MPTCP) enabled on virtual servers. Under specific traffic conditions, it causes the Traffic Management Microkernel (TMM) to terminate, leading to denial of service. Only systems running supported software versions are affected.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability affects F5 BIG-IP systems with TCP profiles configured with Multipath TCP (MPTCP) enabled on virtual servers. Under specific traffic conditions, it causes the Traffic Management Microkernel (TMM) to terminate, leading to denial of service. Only systems running supported software versions are affected.

💻 Affected Systems

Products:

F5 BIG-IP

Versions: Supported versions with MPTCP capability (specific versions not detailed in reference)

Operating Systems: F5 TMOS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when TCP profile with MPTCP enabled is configured on a virtual server. End-of-Technical-Support versions are not evaluated.

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Big Ip Access Policy Manager by F5

Big Ip Access Policy Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Analytics by F5

Big Ip Analytics by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Visibility And Reporting by F5

Big Ip Application Visibility And Reporting by F5

Big Ip Automation Toolchain by F5

Big Ip Automation Toolchain by F5

Big Ip Carrier Grade Nat by F5

Big Ip Carrier Grade Nat by F5

Big Ip Container Ingress Services by F5

Big Ip Container Ingress Services by F5

Big Ip Ddos Hybrid Defender by F5

Big Ip Ddos Hybrid Defender by F5

Big Ip Domain Name System by F5

Big Ip Domain Name System by F5

Big Ip Edge Gateway by F5

Big Ip Edge Gateway by F5

Big Ip Fraud Protection Service by F5

Big Ip Fraud Protection Service by F5

Big Ip Global Traffic Manager by F5

Big Ip Global Traffic Manager by F5

Big Ip Link Controller by F5

Big Ip Link Controller by F5

Big Ip Local Traffic Manager by F5

Big Ip Local Traffic Manager by F5

Big Ip Next Cloud Native Network Functions by F5

Big Ip Next Service Proxy For Kubernetes by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Ssl Orchestrator by F5

Big Ip Ssl Orchestrator by F5

Big Ip Webaccelerator by F5

Big Ip Webaccelerator by F5

Big Ip Websafe by F5

Big Ip Websafe by F5

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable MPTCP on TCP profiles

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities