HTTP/2 Implementation Flaw in F5 Networks Product
CVE-2025-54500
6.9MEDIUM
Key Information:
- Vendor
F5
- Vendor
- CVE Published:
- 13 August 2025
What is CVE-2025-54500?
A vulnerability in the HTTP/2 implementation within F5 Networks products allows attackers to launch a denial-of-service (DoS) attack. By exploiting malformed HTTP/2 control frames, the attacker can disrupt service by exceeding the maximum concurrent streams limit, leading to a potential service outage.
Affected Version(s)
BIG-IP 17.5.0
BIG-IP 17.1.0
BIG-IP 16.1.0
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
F5 acknowledges Gal Bar Nahum, Anat Bremler-Barr and Yaniv Harel for bringing this issue to our attention and following the highest standards of coordinated disclosure.