
CVE-2025-54479: CWE-787: Out-of-bounds Write in F5 BIG-IP

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-54479, cwe-787
Published: Wed Oct 15 2025 (10/15/2025, 13:55:49 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Last updated: 10/15/2025, 14:14:09 UTC

Technical Analysis

CVE-2025-54479 is an out-of-bounds write vulnerability classified under CWE-787 affecting F5 Networks' BIG-IP product, specifically its Traffic Management Microkernel (TMM). The flaw arises when a classification profile is set on a virtual server without an accompanying HTTP or HTTP/2 profile. Under these conditions, specially crafted, undisclosed network requests can trigger an out-of-bounds write in TMM, causing it to terminate unexpectedly. This termination leads to a denial of service (DoS) by disrupting the traffic management capabilities of the BIG-IP device. The vulnerability affects multiple versions of BIG-IP software, including 15.1.0, 16.1.0, 17.1.0, and 17.5.0, which are still under support. The CVSS v3.1 base score is 7.5, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No known exploits have been reported in the wild to date. The vulnerability does not require authentication or user interaction, making it remotely exploitable by unauthenticated attackers. The lack of HTTP or HTTP/2 profiles in the virtual server configuration is a key prerequisite, suggesting that misconfigurations or specific deployment scenarios increase exposure. Since BIG-IP devices are critical components in enterprise and service provider networks for load balancing, application delivery, and security, disruption of TMM can cause significant service outages. The absence of patches at the time of reporting necessitates close monitoring for vendor updates and interim mitigations.

Potential Impact

For European organizations, the impact of CVE-2025-54479 can be substantial due to the widespread use of F5 BIG-IP devices in enterprise and telecom environments. The primary impact is denial of service, as exploitation causes the TMM process to terminate, disrupting traffic management and potentially causing outages of critical applications and services. This can affect the availability of web applications, VPNs, and other services relying on BIG-IP for load balancing and security functions. Industries such as finance, healthcare, government, and telecommunications, which depend heavily on high availability and secure application delivery, are particularly vulnerable. Service disruptions could lead to operational downtime, financial losses, and reputational damage. Although confidentiality and integrity are not directly impacted, the availability loss can indirectly affect business continuity and compliance with regulations such as GDPR that mandate service reliability. The ease of remote exploitation without authentication increases risk, especially in environments where virtual servers are misconfigured without HTTP or HTTP/2 profiles. The lack of known exploits currently provides a window for proactive mitigation, but the potential for future exploitation remains high.

Mitigation Recommendations

To mitigate CVE-2025-54479, European organizations should immediately audit their BIG-IP configurations to identify virtual servers with classification profiles lacking HTTP or HTTP/2 profiles. Where possible, add appropriate HTTP or HTTP/2 profiles to these virtual servers to prevent triggering the vulnerability. Until official patches are released by F5, consider disabling or limiting exposure of vulnerable virtual servers, especially those accessible from untrusted networks. Implement network-level protections such as firewall rules or access control lists to restrict access to BIG-IP management and data plane interfaces. Monitor BIG-IP device logs and network traffic for unusual termination events or anomalies in TMM behavior. Stay informed about F5 security advisories and apply patches promptly once available. Additionally, conduct regular configuration reviews and hardening of BIG-IP devices to minimize misconfigurations that could expose this or other vulnerabilities. Employ redundancy and failover mechanisms to reduce the impact of potential service disruptions. Engage with F5 support for guidance on interim mitigations and best practices tailored to your deployment.
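One way to run the configuration audit described above, as an added example (not F5 tooling and not part of the original advisory). It assumes bigip.conf-style text with `ltm profile <type> <name> {` and `ltm virtual <name> {` stanzas, and the default profile names in `BUILTIN` are assumptions; the sample configuration is constructed.

```python
import re

# Assumption: default profile names that ship with BIG-IP, not defined in the audited file.
BUILTIN = {"/Common/http": "http", "/Common/http2": "http2",
           "/Common/classification": "classification"}
STANZA = re.compile(r"^ltm (?:profile (\S+)|virtual) (\S+) \{\s*$")

def audit(conf):
    """Return virtual servers with a classification profile but no http/http2 profile."""
    ptype, virtuals = dict(BUILTIN), {}
    cur, depth, in_prof = None, 0, False
    for line in conf.splitlines():
        s = line.strip()
        if depth == 0:                        # top level: a new stanza may start
            m, cur = STANZA.match(s), None
            if m and m.group(1):              # profile definition: name -> type
                ptype[m.group(2)] = m.group(1)
            elif m:                           # virtual server: collect its profiles
                cur = virtuals.setdefault(m.group(2), [])
        elif depth == 1:                      # direct child of the stanza
            in_prof = cur is not None and s == "profiles {"
        elif depth == 2 and in_prof and "{" in s:
            cur.append(s.split()[0])          # entry inside "profiles { ... }"
        depth += s.count("{") - s.count("}")

    def exposed(profs):
        types = {ptype.get(p) for p in profs}
        return "classification" in types and not types & {"http", "http2"}
    return [name for name, profs in virtuals.items() if exposed(profs)]

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ltm profile classification /Common/cls_custom {
    defaults-from /Common/classification
}
ltm virtual /Common/vs_exposed {
    profiles {
        /Common/cls_custom { }
        /Common/tcp { }
    }
}
ltm virtual /Common/vs_ok {
    profiles {
        /Common/classification { }
        /Common/http { }
    }
}
"""

print(audit(SAMPLE))  # ['/Common/vs_exposed']
```

Profile names are resolved to types only after the whole file is read, so custom profiles defined after the virtual server that uses them are still recognised.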


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:37.974Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99327d7577a1800406a

Added to database: 10/15/2025, 2:02:59 PM

Last enriched: 10/15/2025, 2:14:09 PM

Last updated: 10/16/2025, 12:15:06 PM
