Application Level Gateway Exploit in F5 Networks' SIP Router Configuration
CVE-2025-20045

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 5 February 2025

What is CVE-2025-20045?

A vulnerability exists in specific configurations of F5 Networks' SIP routing, where enabling the Application Level Gateway (ALG) mode with Passthru Mode can lead to unintentional termination of the Traffic Management Microkernel (TMM). This issue affects virtual servers configured for message routing and may expose the system to availability concerns due to unexpected traffic patterns. Users are advised to review their ALG settings and consider updates from F5 Networks to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2

BIG-IP 16.1.0 < 16.1.5

BIG-IP 15.1.0

References

https://my.f5.com/manage/s/article/K000138932

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

JSON

F5

What is CVE-2025-20045?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.