CVE-2025-60016
published 2025-10-15CVE-2025-60016: When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that…
high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip | >= 17.1.0 < 17.1.2 | 17.1.2 |
| f5 | big-ip_next_cloud-native_network_functions | >= 1.1.0 < 1.4.0 | 1.4.0 |
| f5 | big-ip_next_cnf | — | — |
| f5 | big-ip_next_cnf | >= 1.1.0 < 1.4.0 | 1.4.0 |
| f5 | big-ip_next_service_proxy_for_kubernetes | — | — |
| f5 | big-ip_next_service_proxy_for_kubernetes | 1.7.0 – 1.9.2 | — |
| f5 | big-ip_next_spk | >= 1.7.0 < * | * |