
CVE-2025-41414 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2025-41414
07 May 2025 — When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140968 • CWE-476: NULL Pointer Dereference

CVE-2025-36557 – BIG-IP HTTP vulnerability
https://notcve.org/view.php?id=CVE-2025-36557
07 May 2025 — When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139571 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-41399 – SCTP Vulnerability
https://notcve.org/view.php?id=CVE-2025-41399
07 May 2025 — When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137709 • CWE-404: Improper Resource Shutdown or Release

CVE-2025-22846 – BIG-IP SIP Vulnerability
https://notcve.org/view.php?id=CVE-2025-22846
05 Feb 2025 — When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139780 • CWE-404: Improper Resource Shutdown or Release

CVE-2024-41164 – BIG-IP MPTCP vulnerability
https://notcve.org/view.php?id=CVE-2024-41164
14 Aug 2024 — When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference

CVE-2024-23314 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2024-23314
14 Feb 2024 — When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000137675 • CWE-908: Use of Uninitialized Resource