CVE-2025-55036

7.5 HIGH

📋 TL;DR

A memory corruption vulnerability in the BIG-IP SSL Orchestrator explicit forward proxy, reachable only when the proxy connect option is enabled, lets an unauthenticated remote attacker send undisclosed traffic that causes a denial of service and could potentially lead to arbitrary code execution. Only F5 BIG-IP SSL Orchestrator deployments with that specific configuration are exposed. F5 evaluates only software versions that have not reached End of Technical Support (EoTS); EoTS versions are not evaluated and may also be affected.

💻 Affected Systems

Products:
  • F5 BIG-IP SSL Orchestrator
Versions: See K000151368 for the affected and fixed version ranges per branch; exposure additionally requires an explicit forward proxy virtual server with proxy connect enabled
Operating Systems: F5 TMOS
Default Config Vulnerable: ✅ No
Notes: Not exposed by default. Exposure requires an SSL Orchestrator explicit forward proxy topology (an explicit-proxy HTTP profile on a virtual server) with the proxy connect option enabled, i.e. the setting that chains the BIG-IP explicit proxy to an upstream explicit proxy. End-of-Technical-Support versions are not evaluated.

📦 What is this software?

BIG-IP SSL Orchestrator (SSLO) is F5's TLS visibility and service-chaining product, deployed on BIG-IP hardware or virtual editions running TMOS. It terminates TLS, steers the decrypted traffic through a chain of inspection devices (IPS, DLP, sandbox, secure web gateway) and re-encrypts it toward the destination. In an explicit forward proxy topology, clients are configured to send their web requests to the SSLO proxy address and port, and the proxy connect option lets SSLO chain those requests on to an upstream explicit proxy.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing service disruption or system crashes affecting SSL traffic processing.

🟢

If Mitigated

Limited impact once proxy connect is disabled on every explicit proxy topology, or the proxy listener is reachable only from trusted client networks and TMM crashes are monitored.

🌐 Internet-Facing: HIGH - An explicit forward proxy sits in the outbound path: its listener usually faces internal clients, but it relays their requests to, and responses from, arbitrary internet servers, so untrusted traffic reaches the affected code path in normal operation.
🏢 Internal Only: MEDIUM - Any client that can reach the explicit proxy listener (typically the whole user network) can send traffic to it, so internal-only SSL Orchestrator deployments used for traffic inspection are still exposed to insiders and compromised endpoints.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

F5 has not disclosed the triggering traffic. Exploitation requires sending that undisclosed traffic to a virtual server that has the vulnerable configuration; no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check K000151368 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000151368

Restart Required: Yes

Instructions:

1. Review K000151368 and note the fixed version for each affected branch you run.
2. Identify affected systems: BIG-IP devices with SSL Orchestrator explicit forward proxy topologies that have proxy connect enabled (see How to Verify below).
3. Download the fixed release and install it to a spare boot location (BIG-IP software is installed to a volume and booted into, rather than patched in place).
4. Reboot into the new volume; TMM restarts as part of the boot, which is the restart noted above.
5. Verify the running version with tmsh show sys version and confirm the explicit proxy topology still passes traffic.

🔧 Temporary Workarounds

Disable Proxy Connect Feature

Applies to: all affected versions

Disable the proxy connect option on every SSL Orchestrator explicit forward proxy topology. For SSLO-managed topologies, make the change in the SSL Orchestrator guided configuration (edit the topology's egress settings, disable proxy connect, redeploy): SSLO regenerates the LTM objects it owns on the next deployment, so a change made directly in tmsh does not persist and can leave the topology inconsistent. For a hand-built LTM explicit proxy virtual server, detach the http-proxy-connect profile (tmsh uses delete, not remove, for collection members) and save the configuration:

tmsh modify ltm virtual <virtual_server_name> profiles delete { <proxy_connect_profile> }
tmsh save sys config

Remove Explicit Forward Proxy Configuration

Applies to: all affected versions

If the explicit forward proxy is not needed, delete or undeploy the topology in the SSL Orchestrator guided configuration. For a hand-built virtual server, disable the listener outright rather than stripping the explicit-proxy HTTP profile; a virtual server with only its TCP profile left still accepts connections.

tmsh modify ltm virtual <virtual_server_name> disabled
tmsh save sys config

🧯 If You Can't Patch

  • Restrict which sources can reach the explicit proxy listener: bind it to an internal self IP, limit the virtual server's source address to the client subnets that need it, and never expose the proxy port to the internet
  • Treat any TMM crash or new core file on an SSL Orchestrator device as a possible exploitation attempt and investigate it (see Detection & Monitoring)

🔍 How to Verify

Check if Vulnerable:

List the profiles attached to each explicit proxy virtual server and confirm whether an http-proxy-connect profile is among them. A virtual server is exposed only if it has both an HTTP profile with proxy-type explicit and an http-proxy-connect profile:

tmsh list ltm virtual <name> profiles
tmsh list ltm profile http <http_profile_name> proxy-type
tmsh list ltm profile http-proxy-connect

For SSLO-managed topologies, the same information is visible in the topology's egress settings in the SSL Orchestrator guided configuration.

Check Version:

tmsh show sys version

Verify Fix Applied:

Confirm that the running version reported by tmsh show sys version is one listed as fixed in K000151368. Until it is, confirm that proxy connect is disabled on every explicit forward proxy topology.
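The configuration check above, scripted as an added example (not F5's code and not from K000151368): it feeds tmsh one-line listings to small parsing functions and flags only virtual servers that carry both an explicit-proxy HTTP profile and an http-proxy-connect profile, since either alone does not meet the vulnerable configuration. All object names and the tmsh output are constructed samples; on a live BIG-IP, replace the SAMPLE_ and VS_ variables with the tmsh commands shown in the comments. It does not gate on software version, because the fixed versions are only in the advisory.

```shell
#!/bin/bash
# Added example for this page; it is not F5 code and not from K000151368.
# A BIG-IP virtual server is flagged as exposed when it carries BOTH an HTTP
# profile with "proxy-type explicit" AND an http-proxy-connect profile.
# Object names are hypothetical; the tmsh text is a constructed sample in
# tmsh's one-line format. On a real device use live output instead:
#   SAMPLE_HTTP_PROFILES=$(tmsh list ltm profile http one-line)
#   SAMPLE_PC_PROFILES=$(tmsh list ltm profile http-proxy-connect one-line)
#   VS_EXPOSED=$(tmsh list ltm virtual <name> profiles one-line)

# Names of HTTP profiles configured as explicit forward proxies.
# Input: "tmsh list ltm profile http one-line" (one profile per line).
explicit_http_profiles() {
    printf '%s\n' "$1" | awk '$1=="ltm" && $2=="profile" && $3=="http" && /proxy-type explicit/ { print $4 }'
}

# Names of all http-proxy-connect profiles (the "proxy connect" feature).
# Input: "tmsh list ltm profile http-proxy-connect one-line".
proxy_connect_profiles() {
    printf '%s\n' "$1" | awk '$1=="ltm" && $2=="profile" && $3=="http-proxy-connect" { print $4 }'
}

# Profile names attached to one virtual server.
# Input: "tmsh list ltm virtual <name> profiles one-line", e.g.
#   ltm virtual vs { profiles { http-explicit { context all } tcp { context all } } }
vs_profiles() {
    printf '%s\n' "$1" | sed -n 's/.*profiles {//p' | grep -oE '[^ {}]+ [{]' | awk '{ print $1 }'
}

# vs_exposed <vs listing> <explicit http profile names> <proxy-connect names>
# Exit 0 when an explicit-proxy HTTP profile AND an http-proxy-connect
# profile are both attached. Fixed-string matching (-F) avoids treating
# dots in SSLO-style names as regex metacharacters.
vs_exposed() {
    local attached p have_explicit=1 have_connect=1
    attached=$(vs_profiles "$1")
    for p in $attached; do
        printf '%s\n' "$2" | grep -qxF -- "$p" && have_explicit=0
        printf '%s\n' "$3" | grep -qxF -- "$p" && have_connect=0
    done
    [ "$have_explicit" -eq 0 ] && [ "$have_connect" -eq 0 ]
}

# Constructed sample data (hypothetical names, not from any real device).
SAMPLE_HTTP_PROFILES='ltm profile http http { app-service none proxy-type reverse }
ltm profile http http-explicit { app-service none proxy-type explicit }
ltm profile http xp_http_explicit { app-service none proxy-type explicit }'

SAMPLE_PC_PROFILES='ltm profile http-proxy-connect http-proxy-connect { app-service none }
ltm profile http-proxy-connect xp_proxy_connect { app-service none }'

# Explicit proxy chained to an upstream proxy: the vulnerable combination.
VS_EXPOSED='ltm virtual vs_explicit_chain { profiles { xp_http_explicit { context all } xp_proxy_connect { context all } tcp { context all } } }'
# Explicit proxy without proxy connect: not the vulnerable combination.
VS_EXPLICIT_ONLY='ltm virtual vs_explicit_only { profiles { xp_http_explicit { context all } tcp { context all } } }'
# Ordinary reverse-proxy virtual server.
VS_REVERSE='ltm virtual vs_reverse { profiles { http { context all } clientssl { context clientside } tcp { context all } } }'

# Print one verdict per virtual server and echo how many were flagged.
count_exposed() {
    local explicit connect flagged=0 vs name
    explicit=$(explicit_http_profiles "$SAMPLE_HTTP_PROFILES")
    connect=$(proxy_connect_profiles "$SAMPLE_PC_PROFILES")
    for vs in "$VS_EXPOSED" "$VS_EXPLICIT_ONLY" "$VS_REVERSE"; do
        name=$(printf '%s\n' "$vs" | awk '{ print $3 }')
        if vs_exposed "$vs" "$explicit" "$connect"; then
            echo "EXPOSED: $name (explicit proxy + proxy connect)" >&2
            flagged=$((flagged + 1))
        else
            echo "ok:      $name" >&2
        fi
    done
    echo "$flagged"
}

count_exposed >/dev/null
```

With the sample data only vs_explicit_chain is flagged. The listing-level checks are deliberately not enough on their own: BIG-IP ships a default http-explicit profile and a default http-proxy-connect profile, so their mere existence says nothing until they are seen attached to the same virtual server.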

📡 Detection & Monitoring

Log Indicators:

  • TMM crash or restart messages in /var/log/ltm and new core files under /shared/core
  • Repeated TMM restarts, or tmm uptime resetting (bigstart status tmm) without a configuration change or reboot to explain it
  • Sudden drops and recoveries in active connections on the explicit proxy virtual server that coincide with those restarts

Network Indicators:

  • Connections to the explicit proxy port from sources that are not normal proxy clients
  • Unexplained traffic spikes to the proxy port, especially from a single source
  • Malformed CONNECT or HTTP proxy requests, and any request that stands out in the proxy logs immediately before a TMM crash

SIEM Query:

source="f5_bigip" AND tmm AND ("Re-starting" OR "core" OR "SIGSEGV" OR "Aborted")

The source name is a placeholder for whatever your collector assigns to BIG-IP syslog; "memory corruption" and "proxy connect" are not strings BIG-IP logs, so searching for them finds nothing. Tune the crash terms against an actual TMM restart on a lab device before relying on the query.

🔗 References

  • F5 security advisory K000151368: https://my.f5.com/manage/s/article/K000151368
