CVE-2025-52585
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-13

Last updated on: 2025-10-21

Assigner: F5 Networks

Description
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-13
Last Modified
2025-10-21
Generated
2026-05-06
AI Q&A
2025-08-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52585
EUVD
EUVD-2025-24640
Affected Vendors & Products
Showing 63 associated CPEs
Vendor Product Version / Range
f5 big-ip_access_policy_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_advanced_firewall_manager From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc)
f5 big-ip_advanced_web_application_firewall From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_analytics From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_application_acceleration_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_application_security_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_application_visibility_and_reporting From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_automation_toolchain From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_carrier-grade_nat From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_container_ingress_services From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_ddos_hybrid_defender From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_domain_name_system From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_edge_gateway From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_fraud_protection_service From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_global_traffic_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_link_controller From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_local_traffic_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_policy_enforcement_manager From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_ssl_orchestrator From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_webaccelerator From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_websafe From 15.1.0 (inc) to 15.1.10.8 (exc)
f5 big-ip_access_policy_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_advanced_web_application_firewall From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_analytics From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_application_acceleration_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_application_security_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_application_visibility_and_reporting From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_automation_toolchain From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_carrier-grade_nat From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_container_ingress_services From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_ddos_hybrid_defender From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_domain_name_system From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_edge_gateway From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_fraud_protection_service From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_global_traffic_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_link_controller From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_local_traffic_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_policy_enforcement_manager From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_ssl_orchestrator From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_webaccelerator From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_websafe From 16.1.0 (inc) to 16.1.6 (exc)
f5 big-ip_access_policy_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_advanced_web_application_firewall From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_analytics From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_application_acceleration_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_application_security_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_application_visibility_and_reporting From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_automation_toolchain From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_carrier-grade_nat From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_container_ingress_services From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_ddos_hybrid_defender From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_domain_name_system From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_edge_gateway From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_fraud_protection_service From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_global_traffic_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_link_controller From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_local_traffic_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_policy_enforcement_manager From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_ssl_orchestrator From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_webaccelerator From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_websafe From 17.1.0 (inc) to 17.1.2.2 (exc)
f5 big-ip_advanced_firewall_manager From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc)
f5 big-ip_advanced_firewall_manager From 16.1.0 (inc) to 16.1.5.2.0.7.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs when a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled. In this configuration, certain undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate unexpectedly.


How can this vulnerability impact me? :

The vulnerability can cause the Traffic Management Microkernel (TMM) to terminate, which may lead to denial of service or disruption of traffic management on the affected BIG-IP system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart