CVE-2025-61974
Published: 15 October 2025
Summary
CVE-2025-61974 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in F5 Big-Ip Next Cloud-Native Network Functions. Its CVSS base score is 8.7 (High).
Operationally, ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34624
Vulnerability details
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.