Vulnerability in F5 Networks Traffic Management Microkernel (TMM) with SIP Session Profiles
CVE-2025-22846

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip; Big-ip Next Spk
Vendor: CVE Published:; 5 February 2025

Summary

This vulnerability arises when SIP Session and Router ALG profiles are configured on a Message Routing type virtual server. Should certain undisclosed traffic patterns occur, it can inadvertently lead to the termination of the Traffic Management Microkernel (TMM), which may disrupt service availability and impact system performance.

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2

BIG-IP 16.1.0 < 16.1.5

BIG-IP 15.1.0

References

https://my.f5.com/manage/s/article/K000139780

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 22, 2025

Key Information:

Summary

Affected Version(s)

References

CVSS V4

Timeline

Credit