Vulnerability in F5 Networks Traffic Management Microkernel (TMM) with SIP Session Profiles
CVE-2025-22846

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip; Big-ip Next Spk
Vendor: CVE Published:; 5 February 2025

What is CVE-2025-22846?

This vulnerability arises when SIP Session and Router ALG profiles are configured on a Message Routing type virtual server. Should certain undisclosed traffic patterns occur, it can inadvertently lead to the termination of the Traffic Management Microkernel (TMM), which may disrupt service availability and impact system performance.

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2

BIG-IP 16.1.0 < 16.1.5

BIG-IP 15.1.0

References

https://my.f5.com/manage/s/article/K000139780

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 22, 2025

F5

What is CVE-2025-22846?

Affected Version(s)

References

CVSS V4

Timeline

Credit