CVE-2025-54805

6.5 MEDIUM

📋 TL;DR

This vulnerability in F5 BIG-IP causes memory resource exhaustion in the Traffic Management Microkernel (TMM) when iRules are configured via the declarative API and virtual servers are re-instantiated. Only BIG-IP systems running vulnerable versions with iRules configured this way are affected. The result is a denial-of-service condition.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Specific versions not detailed in CVE description; refer to F5 advisory K000151596 for exact affected versions
Operating Systems: F5 TMOS
Default Config Vulnerable: ✅ No
Notes: Only affects systems with iRules configured via declarative API on virtual servers that undergo re-instantiation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete TMM memory exhaustion leading to system instability, service disruption, and potential denial of service for all traffic managed by the affected BIG-IP system.

🟠

Likely Case

Gradual memory consumption increase causing performance degradation, intermittent connection drops, and reduced system reliability over time.

🟢

If Mitigated

Minimal impact with proper monitoring and memory thresholds in place, potentially causing only minor performance fluctuations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrative access to configure iRules via the declarative API and to trigger re-instantiation of virtual servers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000151596 for fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000151596

Restart Required: No

Instructions:

1. Review F5 advisory K000151596 for affected versions.
2. Upgrade to a fixed version per F5 documentation.
3. Verify the fix by monitoring TMM memory usage after virtual server re-instantiation.

🔧 Temporary Workarounds

Avoid the declarative API for iRules

Applies to: all

Configure iRules using traditional methods instead of the declarative API to prevent the memory leak condition.

Limit virtual server re-instantiation

Applies to: all

Minimize configuration changes that trigger virtual server re-instantiation when using declarative API iRules.

🧯 If You Can't Patch

  • Implement strict change control to minimize virtual server re-instantiation events
  • Deploy enhanced monitoring for TMM memory usage with automated alerts for abnormal increases

🔍 How to Verify

Check if Vulnerable:

Check whether iRules are configured via the declarative API, and monitor TMM memory usage after virtual server re-instantiation events.

Check Version:

tmsh show sys version

Verify Fix Applied:

After patching, configure iRules via the declarative API, trigger virtual server re-instantiation, and verify that TMM memory usage remains stable.

📡 Detection & Monitoring

Log Indicators:

  • Increasing TMM memory usage patterns in system logs
  • Virtual server re-instantiation events in configuration logs

Network Indicators:

  • Increased latency or connection failures through BIG-IP
  • Degraded application performance

SIEM Query:

source="bigip_logs" AND ("TMM memory" OR "virtual server re-instantiation")
