HTTP/2 Implementation Flaw in F5 Networks Product
CVE-2025-54500

6.9MEDIUM

Key Information:

Vendor

F5

Vendor
CVE Published:
13 August 2025

What is CVE-2025-54500?

A vulnerability in the HTTP/2 implementation within F5 Networks products allows attackers to launch a denial-of-service (DoS) attack. By exploiting malformed HTTP/2 control frames, the attacker can disrupt service by exceeding the maximum concurrent streams limit, leading to a potential service outage.

Affected Version(s)

BIG-IP 17.5.0

BIG-IP 17.1.0

BIG-IP 16.1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

F5 acknowledges Gal Bar Nahum, Anat Bremler-Barr and Yaniv Harel for bringing this issue to our attention and following the highest standards of coordinated disclosure.
.
CVE-2025-54500 : HTTP/2 Implementation Flaw in F5 Networks Product