CVE-2025-47148
published 2025-10-15CVE-2025-47148: When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout…
high7.1CVSS 4.0
AVNACLATNPRLUINVCNVINVAHSCNSINSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip | >= 15.1.0 < 15.1.10.8 | 15.1.10.8 |
| f5 | big-ip | >= 16.1.0 < 16.1.6.1 | 16.1.6.1 |
| f5 | big-ip | >= 17.1.0 < 17.1.3 | 17.1.3 |
| f5 | big-ip | >= 17.5.0 < 17.5.1 | 17.5.1 |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | >= 15.1.0 < 15.1.10.8 | 15.1.10.8 |
| f5 | big-ip_access_policy_manager | >= 16.1.0 < 16.1.6.1 | 16.1.6.1 |
| f5 | big-ip_access_policy_manager | >= 17.1.0 < 17.1.3 | 17.1.3 |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_ssl_orchestrator | — | — |
| f5 | big-ip_ssl_orchestrator | >= 15.1.0 < 15.1.10.8 | 15.1.10.8 |
| f5 | big-ip_ssl_orchestrator | >= 16.1.0 < 16.1.6.1 | 16.1.6.1 |
| f5 | big-ip_ssl_orchestrator | >= 17.1.0 < 17.1.3 | 17.1.3 |
| f5 | big-ip_sslo | — | — |