CVE-2025-48008

EPSS 0.11%
Veröffentlicht 15.10.2025 13:55:44
Zuletzt bearbeitet 21.10.2025 18:53:07
Quelle f5sirt@f5.com
CVE-Watchlists
Login
Unerledigt
Login

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Big-ip Next Cloud-native Network Functions Version >= 1.1.0 <= 1.4.1

F5 ≫ Big-ip Next Service Proxy For Kubernetes Version >= 1.7.0 <= 1.9.2

F5 ≫ Big-ip Access Policy Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Advanced Firewall Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Analytics Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Security Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Application Visibility And Reporting Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Automation Toolchain Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Carrier-grade Nat Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Container Ingress Services Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Domain Name System Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Edge Gateway Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Fraud Protection Service Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Global Traffic Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Link Controller Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Local Traffic Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Policy Enforcement Manager Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Ssl Orchestrator Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Webaccelerator Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Websafe Version >= 15.1.0 < 15.1.10.8

F5 ≫ Big-ip Access Policy Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Advanced Firewall Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Analytics Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Application Acceleration Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Application Security Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Application Visibility And Reporting Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Automation Toolchain Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Carrier-grade Nat Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Container Ingress Services Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Domain Name System Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Edge Gateway Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Fraud Protection Service Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Global Traffic Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Link Controller Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Local Traffic Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Policy Enforcement Manager Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Ssl Orchestrator Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Webaccelerator Version >= 16.1.0 < 16.1.6

F5 ≫ Big-ip Websafe Version >= 16.1.0 < 16.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f5sirt@f5.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5sirt@f5.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://my.f5.com/manage/s/article/K000150614

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-48008

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48008

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48008

EUVD