CVE-2025-22891

CWE-772 | 4 documents | 4 sources
Severity
8.7 HIGH
EPSS
0.4%
top 38.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 5

Description

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages
2 packages

CVEListV5 | f5/big-ip | 17.1.0 | 17.1.2 | +2
NVD | f5/big-ip_policy_enforcement_manager | 15.1.0 | 15.1.10.6.0.11.6 | +2

🔴 Vulnerability Details

2
CVEList
BIG-IP PEM Vulnerability | 2025-02-05
GHSA
GHSA-892q-vr75-r4j3: When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server t | 2025-02-05

📋 Vendor Advisories

1
F5
CVE-2025-22891: When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traff... | 2025-02-05
CVE-2025-22891 (HIGH CVSS 8.7) | When BIG-IP PEM Control Plane liste | cvebase.io