Security Policy Vulnerability in BIG-IP Advanced WAF by F5 Networks
CVE-2025-61935

8.7HIGH

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-61935?

A vulnerability has been identified in F5 Networks' BIG-IP Advanced WAF and ASM where certain undisclosed requests may lead to the termination of the bd process when a security policy is configured on a virtual server. This can potentially disrupt service continuity and impact application security. Users are advised to consult the vendor's advisory for mitigation strategies and to assess their configurations.

Affected Version(s)

BIG-IP 17.5.0 < 17.5.1

BIG-IP 17.1.0 < 17.1.3

BIG-IP 15.1.0 < 15.1.10.8

References

https://my.f5.com/manage/s/article/K000154664

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 3, 2025

Credit

JSON