Main Vulnerability Database Vulnerabilities #VU103723

Improper resource shutdown or release in BIG-IP and BIG-IP Next SPK - CVE-2025-22846

Published: February 7, 2025

Vulnerability identifier: #VU103723

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-22846

CWE-ID: CWE-404

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: F5 Networks

Affected software:
BIG-IP
BIG-IP Next SPK

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when the Session Initiation Protocol (SIP) application layer gateway (ALG) profile and the SIP router ALG profile are configured on a Message Routing type virtual server. A remote attacker can send specially crafted packets to the device and perform a denial of service (DoS) attack.

How to mitigate CVE-2025-22846

Install updates from vendor's website.

Sources

https://my.f5.com/manage/s/article/K000139780

Improper resource shutdown or release in BIG-IP and BIG-IP Next SPK - CVE-2025-22846

Detailed vulnerability description

How to mitigate CVE-2025-22846

Sources

Please verify you're human