CVE-2025-36557: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in F5 BIG-IP

High
Tags: Vulnerability, CVE-2025-36557, CWE-120
Published: Wed May 07 2025 (05/07/2025, 22:04:07 UTC)
Source: CVE
Vendor/Project: F5
Product: BIG-IP

Description

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Last updated: 07/11/2025, 14:20:19 UTC

Technical Analysis

CVE-2025-36557 is a high-severity buffer overflow vulnerability (CWE-120) affecting F5 BIG-IP devices, specifically versions 17.1.0 and 16.1.0. The vulnerability arises when an HTTP profile configured with the 'Enforce RFC Compliance' option is applied to a virtual server. In this configuration, specially crafted, undisclosed HTTP requests can trigger a buffer overflow in the Traffic Management Microkernel (TMM), the core component responsible for processing and managing network traffic on BIG-IP devices. This overflow causes the TMM process to terminate unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability does not require authentication or user interaction and can be exploited remotely over the network (AV:N/AC:L/PR:N/UI:N). The CVSS v3.1 base score is 7.5, reflecting a high impact on availability (A:H) but no direct impact on confidentiality or integrity. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects supported versions only, excluding those that have reached End of Technical Support (EoTS). Given the critical role of BIG-IP devices in load balancing, application delivery, and security functions, exploitation could disrupt critical network infrastructure and services.

Potential Impact

For European organizations, the impact of this vulnerability could be significant, especially for enterprises and service providers relying on F5 BIG-IP for application delivery and security. A successful exploit would cause the TMM to crash, leading to service outages, degraded network performance, or complete loss of access to protected applications. This can disrupt business continuity, impact customer-facing services, and potentially cause cascading failures in dependent systems. Critical sectors such as finance, healthcare, telecommunications, and government agencies that depend on BIG-IP for secure and reliable traffic management are particularly at risk. The lack of confidentiality or integrity impact reduces the risk of data breaches directly from this vulnerability, but the availability impact alone can cause operational and reputational damage. Additionally, the ease of remote exploitation without authentication increases the threat level, especially in environments exposed to the internet or untrusted networks.

Mitigation Recommendations

European organizations should immediately review their BIG-IP configurations to identify virtual servers using HTTP profiles with the 'Enforce RFC Compliance' option enabled. Until a vendor patch is available, consider temporarily disabling this option or isolating affected virtual servers from untrusted networks to reduce exposure. Implement strict network segmentation and firewall rules to limit access to BIG-IP management and traffic interfaces. Monitor BIG-IP system logs and network traffic for unusual or malformed HTTP requests that could indicate exploitation attempts. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential buffer overflow attacks targeting BIG-IP. Plan and test patch deployment procedures to apply vendor updates promptly once released. Additionally, maintain up-to-date backups and incident response plans to quickly recover from potential service disruptions caused by exploitation.
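One way to carry out the configuration review above is to scan an exported bigip.conf for virtual servers whose HTTP profile has RFC enforcement in effect. This is an added example, not part of the advisory or of F5's own tooling; it assumes the tmsh representation `enforcement { rfc-compliance enabled }` inside `ltm profile http` blocks and `defaults-from` inheritance, and treats profiles absent from the export (the built-in base profiles) as keeping the disabled factory default, so verify the key names against `tmsh list ltm profile http` on your own device.

```python
# Constructed bigip.conf excerpt (not a real export); the tmsh key names are assumed.
SAMPLE_CONF = """\
ltm profile http /Common/http_rfc {
    enforcement {
        rfc-compliance enabled
    }
}
ltm profile http /Common/http_child {
    defaults-from /Common/http_rfc
}
ltm virtual /Common/vs_a {
    profiles {
        /Common/http_child { }
        /Common/tcp { }
    }
}
"""

def parse_tmsh(text):
    """Parse brace-delimited tmsh config into nested dicts keyed by block header."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line == "}":
            stack.pop()
        elif line.endswith("{ }"):  # inline empty block, e.g. a profile reference
            stack[-1][line[:-3].strip()] = {}
        elif line.endswith("{"):
            stack[-1][line[:-1].strip()] = block = {}
            stack.append(block)
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def rfc_compliance_enabled(name, profiles, seen=frozenset()):
    """Follow defaults-from; a profile missing from the export (built-in) is assumed disabled."""
    prof = profiles.get(name)
    if prof is None or name in seen:
        return False
    setting = prof.get("enforcement", {}).get("rfc-compliance")
    if setting is not None:
        return setting == "enabled"
    return rfc_compliance_enabled(prof.get("defaults-from", ""), profiles, seen | {name})

def find_exposed_virtuals(conf_text):
    """Return (virtual server, profile) pairs where RFC enforcement is in effect."""
    conf = parse_tmsh(conf_text)
    profiles = {h.split()[-1]: b for h, b in conf.items() if h.startswith("ltm profile http ")}
    return [(h.split()[-1], p) for h, b in conf.items() if h.startswith("ltm virtual ")
            for p in b.get("profiles", {}) if rfc_compliance_enabled(p, profiles)]
```

Note that `/Common/vs_a` is reported even though its own profile never mentions `rfc-compliance`; the setting is inherited from its parent, which a grep for the literal string would miss.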

Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-04-23T22:28:26.322Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb2db

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 2:20:19 PM

Last updated: 8/13/2025, 3:14:55 PM
