Denial of service in BIG-IP SIP ALG

1) Improper resource shutdown or release

EUVDB-ID: #VU103723

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-22846

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when the Session Initiation Protocol (SIP) application layer gateway (ALG) profile and the SIP router ALG profile are configured on a Message Routing type virtual server. A remote attacker can send specially crafted packets to the device and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

BIG-IP: 15.0.0 - 17.1.1.4

BIG-IP Next SPK: 1.7.0 - 1.9.0

CPE2.3

• cpe:2.3:h:f5_networks:big-ip:15.0.1.4:*:*:*:*:*:*:*
• cpe:2.3:h:f5_networks:big-ip:15.1.10.6.0.11:*:*:*:*:*:*:*
• cpe:2.3:h:f5_networks:big-ip:16.0.1.2:*:*:*:*:*:*:*
• cpe:2.3:h:f5_networks:big-ip:16.1.4.3:*:*:*:*:*:*:*
• cpe:2.3:h:f5_networks:big-ip:17.0.0.2:*:*:*:*:*:*:*
• cpe:2.3:h:f5_networks:big-ip:17.1.1.4:*:*:*:*:*:*:*
• cpe:2.3:o:f5_networks:big-ip_next_spk:1.7.0:*:*:*:*:*:*:*
• cpe:2.3:o:f5_networks:big-ip_next_spk:1.7.1:*:*:*:*:*:*:*
• cpe:2.3:o:f5_networks:big-ip_next_spk:1.7.2:*:*:*:*:*:*:*

External links

http://my.f5.com/manage/s/article/K000139780

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.