CVE-2025-47148
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: F5 Networks
Description
Description
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.Β Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | big-ip_access_policy_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_access_policy_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_access_policy_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_access_policy_manager | 17.5.0 |
| f5 | big-ip_ssl_orchestrator | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_ssl_orchestrator | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_ssl_orchestrator | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_ssl_orchestrator | 17.5.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
