CVE-2025-24326
Published: 05 February 2025
Summary
CVE-2025-24326 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in F5 Big-Ip Application Security Manager. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 34.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-24326 by requiring timely patching or remediation of the specific flaw causing memory exhaustion in the BADoS TLS Signatures feature.
Implements denial-of-service protections at system boundaries to block or limit undisclosed traffic exploiting the memory exhaustion vulnerability.
Enforces resource allocation limits on memory to prevent exhaustion from the high resource utilization triggered by the vulnerable TLS Signatures processing.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in BIG-IP WAF/ASM allows remote unauthenticated attackers to send undisclosed traffic causing memory exhaustion and DoS, directly enabling application/system exploitation for endpoint denial of service.
NVD Description
When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Deeper analysisAI
CVE-2025-24326 affects the BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature when configured. Undisclosed traffic can cause an increase in memory resource utilization, potentially leading to denial of service. The vulnerability, published on 2025-02-05, has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-787.
Remote, unauthenticated attackers with network access can exploit the vulnerability due to its low attack complexity and lack of required privileges or user interaction. Exploitation causes high-impact availability disruption through memory exhaustion, with no effects on confidentiality or integrity.
The F5 advisory at https://my.f5.com/manage/s/article/K000140950 provides details on mitigations. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated.
Details
- CWE(s)