CVE-2025-22891

EUVD-2025-3038
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5CNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
f5big-ip_policy_enforcement_manager
15.1.0 ≤
𝑥
< 15.1.10.6.0.11.6
f5big-ip_policy_enforcement_manager
16.1.0 ≤
𝑥
< 16.1.5
f5big-ip_policy_enforcement_manager
17.1.0 ≤
𝑥
< 17.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://my.f5.com/manage/s/article/K000139778