CVE-2025-36557
07.05.2025, 22:15
When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_access_policy_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_advanced_firewall_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_advanced_firewall_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_analytics | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_analytics | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_application_acceleration_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_application_acceleration_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_application_security_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_application_security_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_domain_name_system | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_domain_name_system | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_fraud_protection_service | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_fraud_protection_service | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_global_traffic_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_global_traffic_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_link_controller | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_link_controller | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_local_traffic_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_local_traffic_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_policy_enforcement_manager | 16.1.0 ≤ 𝑥 < 16.1.5 |
| f5 | big-ip_policy_enforcement_manager | 17.1.0 ≤ 𝑥 < 17.1.2 |
| f5 | big-ip_next_cloud-native_network_functions | 1.1.0 ≤ 𝑥 < 1.4.0 |
| f5 | big-ip_next_service_proxy_for_kubernetes | 1.7.0 ≤ 𝑥 < 1.7.9 |
| f5 | big-ip_next_service_proxy_for_kubernetes | 1.8.0 ≤ 𝑥 ≤ 1.9.2 |
𝑥
= Vulnerable software versions