CVE-2025-61935 – This vulnerability allows attackers to cause de... (How to Fix)

Q: What is the severity of CVE-2025-61935?

CVE-2025-61935 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause denial of service by sending specific requests to BIG-IP Advanced WAF or ASM security policies, terminating the bd process. It affects F5 BIG-IP systems with these modules configured. Only supported software versions are affected, not end-of-support versions.

📋 TL;DR

This vulnerability allows attackers to cause denial of service by sending specific requests to BIG-IP Advanced WAF or ASM security policies, terminating the bd process. It affects F5 BIG-IP systems with these modules configured. Only supported software versions are affected, not end-of-support versions.

💻 Affected Systems

Products:

F5 BIG-IP Advanced WAF
F5 BIG-IP ASM

Versions: Supported versions with these modules configured (specific versions not detailed in advisory)

Operating Systems: F5 TMOS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when Advanced WAF or ASM security policy is configured on a virtual server. Systems without these modules or with unconfigured policies are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption for affected virtual servers, requiring manual intervention to restore functionality.

🟠

Likely Case

Intermittent service outages affecting web application availability until the bd process is restarted.

🟢

If Mitigated

Minimal impact with proper network segmentation and request filtering in place.

🌐 Internet-Facing: HIGH - Virtual servers with WAF/ASM policies exposed to the internet are directly vulnerable to DoS attacks.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but attack surface is reduced compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability can be triggered by sending undisclosed requests, suggesting relatively simple exploitation once the specific request pattern is discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000154664 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000154664

Restart Required: Yes

Instructions:

1. Review F5 advisory K000154664 for applicable fixed versions. 2. Download and install the appropriate patch from F5 Downloads. 3. Restart affected services or the entire BIG-IP system as required.

🔧 Temporary Workarounds

Temporary request filtering

all

Implement request filtering rules to block suspicious patterns that might trigger the vulnerability

Configure via F5 TMSH or GUI: modify security policy to add blocking rules for anomalous requests

🧯 If You Can't Patch

Implement strict network segmentation to limit access to affected virtual servers
Deploy additional DoS protection mechanisms in front of BIG-IP systems

🔍 How to Verify

Check if Vulnerable:

Check if you have Advanced WAF or ASM security policies configured on virtual servers and verify your BIG-IP version against the F5 advisory.

Check Version:

tmsh show sys version

Verify Fix Applied:

After patching, verify the installed version matches or exceeds the fixed version listed in the F5 advisory.

📡 Detection & Monitoring

Log Indicators:

bd process termination events in /var/log/ltm
Unexpected service restarts in system logs
Increased error rates in application logs

Network Indicators:

Sudden drops in traffic to specific virtual servers
Unusual request patterns targeting WAF/ASM endpoints

SIEM Query:

source="bigip_logs" AND ("bd terminated" OR "process crash" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2025-61935

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-252

EPSS Score: 0.13% exploit probability (32.9th percentile)

Published: October 15, 2025

Last Updated: October 21, 2025

🔗 References

https://my.f5.com/manage/s/article/K000154664 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61935, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Big Ip Advanced Web Application Firewall by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Advanced Web Application Firewall by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Temporary request filtering

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities