CVE-2025-54805 is a vulnerability classified under CWE-401 (Missing Release of Memory after Effective Lifetime) affecting F5 BIG-IP Next SPK version 1.7.0. The flaw occurs when an iRule—a scripting mechanism used to customize traffic handling—is configured on a virtual server via the declarative API. Upon re-instantiation of this iRule, the cleanup process fails to properly release memory resources allocated within the Traffic Management Microkernel (TMM), the core component responsible for processing and managing network traffic. This results in increased memory consumption that can accumulate over time, potentially leading to resource exhaustion and denial of service (DoS) conditions. The vulnerability requires an attacker to have network access and low privileges (PR:L), but no user interaction is necessary (UI:N). The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component without affecting other system components. The CVSS v3.1 base score is 6.5, indicating a medium severity level primarily due to the impact on availability (A:H) without compromising confidentiality or integrity. No known exploits have been reported in the wild, and no patches have been released at the time of publication. The vulnerability does not affect versions that have reached End of Technical Support (EoTS). Given the role of BIG-IP devices in critical network infrastructure, this memory leak could degrade service performance or cause outages if exploited, especially in environments with frequent iRule re-instantiations.

For European organizations, the primary impact of CVE-2025-54805 is on the availability of network services managed by F5 BIG-IP Next SPK devices. These devices are widely used for load balancing, application delivery, and security functions in enterprise and service provider networks. An attacker exploiting this vulnerability could cause increased memory usage in the TMM, leading to degraded performance or denial of service, disrupting critical business applications and services. This could affect sectors such as finance, telecommunications, government, and healthcare, where uptime and reliability are essential. The vulnerability does not compromise data confidentiality or integrity but can cause operational disruptions. The requirement for low privilege and network access means internal threat actors or attackers who have gained limited access could exploit this flaw. The absence of known exploits reduces immediate risk, but the medium severity and potential for service impact warrant proactive mitigation. Organizations with automated or frequent iRule updates are at higher risk due to the re-instantiation trigger.

To mitigate CVE-2025-54805, European organizations should implement the following specific actions: 1) Monitor TMM memory usage closely using F5’s telemetry and logging tools to detect abnormal increases indicative of exploitation or memory leaks. 2) Limit the frequency of iRule re-instantiations on virtual servers to reduce the chance of memory accumulation. 3) Review and audit iRule configurations to ensure they are necessary and optimized to minimize resource consumption. 4) Isolate management and API access to trusted networks and restrict permissions to minimize the risk of unauthorized iRule modifications. 5) Engage with F5 support and subscribe to security advisories to obtain patches or updates as soon as they become available. 6) Test patches in a controlled environment before deployment to avoid service disruptions. 7) Consider implementing redundancy and failover mechanisms to maintain service availability in case of TMM resource exhaustion. 8) Educate network and security teams about this vulnerability to improve detection and response readiness.