CVE-2025-24312
Published: 05 February 2025
Summary
CVE-2025-24312 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in F5 Big-Ip Advanced Firewall Manager. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-5 enforces denial-of-service protections at system entry and exit points, directly mitigating CPU exhaustion from undisclosed traffic targeting BIG-IP AFM IPS protocol inspection.
SC-6 allocates and limits resources such as CPU to prevent exhaustion caused by processing malicious traffic in the IPS module.
SI-2 requires timely identification, reporting, and correction of flaws like CVE-2025-24312, preventing exploitation through patching affected BIG-IP AFM versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote unauthenticated DoS vulnerability in the public-facing F5 BIG-IP AFM (with IPS/protocol inspection enabled) triggered by specific network traffic causing CPU exhaustion. This directly enables exploitation of a public-facing application (T1190) to achieve endpoint denial of service via application/system exploitation (T1499.004).
NVD Description
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached…
more
End of Technical Support (EoTS) are not evaluated.
Deeper analysisAI
CVE-2025-24312 is a denial-of-service vulnerability in F5 BIG-IP Advanced Firewall Manager (AFM). It affects systems where the IPS module is provisioned and enabled, and a protocol inspection profile is configured on a virtual server, firewall rule, or policy. Undisclosed traffic can trigger a significant increase in CPU resource utilization, classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Software versions that have reached End of Technical Support (EoTS) are not evaluated.
Unauthenticated attackers with network access can exploit this vulnerability by sending the undisclosed traffic, which requires low attack complexity and no user interaction. Exploitation leads to high availability impact through CPU exhaustion, potentially causing denial of service on the affected BIG-IP AFM system.
The F5 advisory provides further details on the issue, available at https://my.f5.com/manage/s/article/K000141380.
Details
- CWE(s)