
CVE-2025-41399: CWE-404 Improper Resource Shutdown or Release in F5 BIG-IP

High
Tags: Vulnerability, CVE-2025-41399, CWE-404
Published: Wed May 07 2025 (05/07/2025, 22:04:07 UTC)
Source: CVE
Vendor/Project: F5
Product: BIG-IP

Description

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

AI analysis last updated: 07/05/2025, 07:10:58 UTC

Technical Analysis

CVE-2025-41399 is a high-severity vulnerability in F5 BIG-IP. The CVE record lists 15.1.0, 16.1.0 and 17.1.0 as affected versions; confirm the exact affected and fixed ranges within those branches against F5's security advisory for this CVE. The weakness is improper resource shutdown or release (CWE-404): when an SCTP profile is attached to a virtual server, certain undisclosed SCTP requests cause memory utilization to grow, which indicates that memory allocated while processing those requests is not released afterwards. Because SCTP is a transport protocol of its own (IP protocol 132), only virtual servers that actually terminate SCTP expose this code path; a device whose virtual servers are all TCP or UDP is not in scope of this CVE. Confidentiality and integrity are not affected, but sustained memory growth on the data plane degrades or interrupts traffic handling, so the impact is on availability. The CVSS 3.1 base score is 7.5 (High), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable over the network, low attack complexity, no privileges and no user interaction required, unchanged scope, no confidentiality or integrity impact, high availability impact. In short, an unauthenticated remote attacker who can reach an SCTP virtual server can mount a denial-of-service attack. No exploitation in the wild has been reported and no patch is listed in the record at the time of this analysis. Software versions that have reached End of Technical Support (EoTS) were not evaluated.

Potential Impact

For European organizations the impact can be substantial wherever BIG-IP devices front critical network functions such as load balancing, application delivery and security enforcement. An attacker who can reach a virtual server carrying an SCTP profile can drive the device into memory exhaustion, degrading or completely denying the services it fronts, with the usual consequences of operational downtime, financial loss and reputational damage. SCTP is used mainly by telecommunications signalling (Diameter, S1AP, SIGTRAN) and by some finance, healthcare and government deployments, so those sectors are the ones most likely to have exposed SCTP virtual servers. The absence of any authentication or user-interaction requirement keeps the bar for an attempt low. Given the strategic position of BIG-IP in European enterprise and service-provider networks, the vulnerability is a meaningful threat to network stability and continuity for any organization that terminates SCTP on these devices.

Mitigation Recommendations

Organizations running BIG-IP should act now. First, inventory the virtual servers that carry an SCTP profile (equivalently, ip-protocol sctp) and determine which of them are reachable from untrusted networks; if no such virtual server exists, this CVE does not apply to the device. Where SCTP virtual servers exist and no fix is available, reduce exposure: restrict the virtual server's source address to the peers that legitimately speak SCTP to it, and filter IP protocol 132 at the upstream firewall or with BIG-IP packet filters so that only those peers reach the listener. Disabling the SCTP profile is an option only where the virtual server does not need to serve SCTP traffic at all. Baseline TMM memory utilization and alert on sustained growth that does not track connection counts, since a remotely triggered leak shows up as memory that keeps rising under otherwise normal load. Log SCTP traffic to the affected virtual servers so that anomalous request patterns can be correlated with memory growth. Check F5's security advisory for this CVE for fixed versions or engineering hotfixes, and open a case with F5 support if none is listed. Prepare the incident response playbook for a BIG-IP denial-of-service scenario, including failover to a standby unit. Finally, schedule an upgrade to a fixed version as soon as one is published.
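The inventory step above, as an added example that is not part of the original analysis and not F5 code: a POSIX shell helper that reads the text output of `tmsh list ltm profile sctp` and `tmsh list ltm virtual` and prints every virtual server that terminates SCTP together with its source-address restriction. The sample tmsh output embedded in the script is constructed and only approximates real tmsh formatting; on a BIG-IP, pipe the real command output in instead.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-41399 exposure. Not F5 code.
# Reads the text output of two tmsh commands and lists every virtual
# server that terminates SCTP, with its "source" restriction, so that
# listeners open to 0.0.0.0/0 stand out. The SAMPLE_* variables are
# constructed, approximate tmsh output used only for a stand-alone run.

SAMPLE_PROFILES='ltm profile sctp sctp {
    app-service none
}
ltm profile sctp sctp_custom {
    app-service none
    defaults-from sctp
}'

SAMPLE_VIRTUALS='ltm virtual vs_diameter_sctp {
    destination 203.0.113.10:3868
    ip-protocol sctp
    mask 255.255.255.255
    pool pool_diameter
    profiles {
        sctp { }
    }
    source 0.0.0.0/0
}
ltm virtual vs_web {
    destination 203.0.113.11:443
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    source-address-translation {
        type automap
    }
    source 0.0.0.0/0
}
ltm virtual vs_s1ap {
    destination 203.0.113.12:36412
    ip-protocol sctp
    mask 255.255.255.255
    profiles {
        sctp_custom {
            context all
        }
    }
    source 10.0.0.0/8
}'

# Names of every SCTP profile (the built-in "sctp" plus any custom ones),
# read from "tmsh list ltm profile sctp" on stdin. Partition prefixes
# such as /Common/ are stripped so names compare cleanly.
sctp_profile_names() {
    awk '$1 == "ltm" && $2 == "profile" && $3 == "sctp" {
        n = $4; sub(/^.*\//, "", n); print n
    }'
}

# Virtual servers that carry SCTP, read from "tmsh list ltm virtual" on
# stdin. A virtual is flagged when it has "ip-protocol sctp" or when any
# entry in its profiles block is one of the SCTP profile names passed as
# $1 (whitespace separated). Brace depth is tracked so nested blocks
# (multi-line profile entries, source-address-translation) are parsed
# correctly. Output: "<virtual> <source>".
sctp_virtuals() {
    awk -v plist="$1" '
    BEGIN { n = split(plist, a, /[ \n]+/); for (i = 1; i <= n; i++) isp[a[i]] = 1 }
    {
        if (depth == 0 && $1 == "ltm" && $2 == "virtual") {
            vs = $3; sub(/^.*\//, "", vs); hit = 0; src = "?"
        } else if (depth == 1 && $1 == "ip-protocol" && $2 == "sctp") {
            hit = 1
        } else if (depth == 1 && $1 == "source") {
            src = $2
        } else if (depth == 1 && $1 == "profiles" && $2 == "{") {
            pdepth = 2
        } else if (depth == 2 && pdepth == 2 && NF > 0 && $1 != "}") {
            p = $1; sub(/^.*\//, "", p); if (p in isp) hit = 1
        }
        t = $0; depth += gsub(/[{]/, "", t)
        t = $0; depth -= gsub(/[}]/, "", t)
        if (depth < 2) pdepth = 0
        if (depth == 0 && vs != "") { if (hit) print vs, src; vs = "" }
    }'
}

# $1 = output of "tmsh list ltm profile sctp", $2 = output of "tmsh list ltm virtual".
audit_sctp_exposure() {
    names=$(printf '%s\n' "$1" | sctp_profile_names)
    printf '%s\n' "$2" | sctp_virtuals "$names"
}

# Stand-alone run on the constructed sample: vs_web is TCP and is skipped.
audit_sctp_exposure "$SAMPLE_PROFILES" "$SAMPLE_VIRTUALS"
```

On a real device, `tmsh list ltm profile sctp | sctp_profile_names` yields the profile names and `tmsh list ltm virtual | sctp_virtuals "$names"` yields the exposed virtual servers. Any line whose source is 0.0.0.0/0 is reachable from anywhere that can route IP protocol 132 to the device and is the first candidate for a tighter source restriction or an upstream filter.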


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-04-23T22:28:26.313Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd869d

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 7:10:58 AM

Last updated: 8/15/2025, 11:23:09 AM

