CVE-2025-54479: CWE-787: Out-of-bounds Write in F5 BIG-IP
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-54479 is an out-of-bounds write vulnerability (CWE-787) in the Traffic Management Microkernel (TMM) component of F5 Networks' BIG-IP. The issue arises when a classification profile is configured on a virtual server without an accompanying HTTP or HTTP/2 profile. In that configuration, undisclosed requests can trigger an out-of-bounds write in TMM and cause it to terminate unexpectedly. The termination is a denial of service condition that disrupts the traffic management capabilities of the BIG-IP device. Listed affected versions include 15.1.0, 16.1.0, 17.1.0, and 17.5.0; versions that have reached End of Technical Support are not evaluated. The CVSS v3.1 base score is 7.5 (high), reflecting the network attack vector, the lack of required privileges or user interaction, and an impact limited to availability. No known exploits have been reported in the wild as of the publication date. The vulnerability does not compromise confidentiality or integrity, but it can cause service outages in critical network infrastructure that relies on BIG-IP for load balancing, traffic management, and security functions. No patch link is listed in this record, which may mean that fixes are forthcoming or that mitigation currently relies on configuration changes. The vulnerability highlights the importance of proper profile configuration and the risk of misconfiguration in complex network appliances.
Potential Impact
The primary impact of CVE-2025-54479 is denial of service due to the termination of the Traffic Management Microkernel (TMM) on affected F5 BIG-IP devices. Organizations relying on BIG-IP for load balancing, application delivery, and security enforcement may experience service interruptions, potentially affecting large volumes of network traffic and critical applications. This can lead to operational downtime, degraded user experience, and potential cascading effects on dependent systems. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data modification are not direct concerns. However, the loss of availability in network infrastructure can have significant business impact, especially for enterprises, cloud providers, and service providers that depend on BIG-IP for high availability and security. The ease of remote exploitation without authentication increases the risk of opportunistic attacks. While no known exploits exist yet, the vulnerability could be targeted in the future by attackers aiming to disrupt services or cause outages in critical environments.
Mitigation Recommendations
1. Review and audit BIG-IP virtual server configurations to ensure that classification profiles are not applied without an HTTP or HTTP/2 profile.
2. Temporarily disable or remove classification profiles on virtual servers lacking HTTP or HTTP/2 profiles until patches are available.
3. Monitor F5 Networks advisories closely for official patches or hotfixes addressing CVE-2025-54479 and apply them promptly once released.
4. Implement network-level protections such as rate limiting and traffic filtering to reduce exposure to malformed or unexpected requests targeting BIG-IP devices.
5. Employ redundancy and failover mechanisms in BIG-IP deployments to minimize service disruption in case of TMM termination.
6. Conduct regular vulnerability assessments and penetration testing focusing on BIG-IP configurations to detect potential misconfigurations or exploitable conditions.
7. Maintain an up-to-date inventory of BIG-IP versions in use and plan for timely upgrades to supported versions with security fixes.
8. Engage with F5 support for guidance on interim mitigations and best practices specific to your deployment environment.
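The configuration audit in step 1 can be scripted against an exported configuration. The following is an added example, not F5 tooling or code from this advisory: it assumes the `ltm virtual` / `ltm profile <type>` stanza layout of a bigip.conf export, the built-in profile names listed in `BUILTIN_TYPES`, and a hypothetical function name `audit`; the sample configuration is constructed.

```python
import re

# Constructed sample in bigip.conf style (not taken from a real device).
SAMPLE_CONF = """\
ltm profile classification /Common/cls_custom {
}
ltm virtual /Common/vs_web {
    profiles {
        /Common/cls_custom { }
        /Common/http { }
        /Common/tcp {
            context clientside
        }
    }
}
ltm virtual /Common/vs_raw_tcp {
    profiles {
        /Common/cls_custom { }
        /Common/tcp { }
    }
}
"""
# Assumption: built-in profiles that bigip.conf references but does not define.
BUILTIN_TYPES = {"/Common/http": "http", "/Common/http2": "http2",
                 "/Common/classification": "classification"}
HEADER = re.compile(r"^ltm (?:virtual|profile (\S+)) (\S+) \{")
ENTRY = re.compile(r"^\s+(\S+) \{")

def audit(conf_text):
    """List virtual servers with a classification profile but no HTTP or HTTP/2 profile."""
    types, virtuals = dict(BUILTIN_TYPES), {}
    current, depth = None, 0  # depth: brace nesting inside a "profiles {" block
    for line in conf_text.splitlines():
        m = HEADER.match(line)
        if m:
            current, depth = None, 0
            if m.group(1):  # profile stanza: record its type
                types[m.group(2)] = m.group(1)
            else:  # virtual server stanza
                current = m.group(2)
                virtuals[current] = []
        elif current and depth == 0 and line.strip() == "profiles {":
            depth = 1
        elif depth:
            if depth == 1 and (e := ENTRY.match(line)):
                virtuals[current].append(e.group(1))
            depth += line.count("{") - line.count("}")
    http = {"http", "http2"}
    kinds = {vs: {types.get(p) for p in ps} for vs, ps in virtuals.items()}
    return [vs for vs, k in kinds.items() if "classification" in k and not k & http]
```

A profile whose type cannot be resolved from the supplied text is treated as non-HTTP, so confirm each flagged virtual server on the device before changing it.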
Affected Countries
United States, Canada, United Kingdom, Germany, France, Japan, Australia, South Korea, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:37.974Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99327d7577a1800406a
Added to database: 10/15/2025, 2:02:59 PM
Last enriched: 2/27/2026, 5:34:02 AM
Last updated: 3/22/2026, 10:13:03 PM