CVE-2025-54805 is a vulnerability classified under CWE-401 (Missing Release of Memory after Effective Lifetime) affecting F5 BIG-IP Next SPK version 1.7.0. The issue arises when an iRule—a script used to customize traffic handling—is configured on a virtual server via the declarative API. Upon re-instantiation of this iRule, the cleanup process fails to properly release allocated memory within the Traffic Management Microkernel (TMM), the core component responsible for processing network traffic. This failure causes a gradual increase in memory consumption, effectively a memory leak. Over time, this can lead to exhaustion of TMM memory resources, resulting in degraded performance or denial of service (DoS) conditions. The vulnerability requires an attacker to have network access with low privileges (PR:L) but does not require user interaction (UI:N). The CVSS v3.1 base score is 6.5, reflecting a medium severity primarily due to the impact on availability (A:H) without affecting confidentiality or integrity. No known exploits have been reported in the wild, and no official patches were available at the time of disclosure. The vulnerability does not affect versions that have reached End of Technical Support (EoTS). The flaw is significant because F5 BIG-IP devices are widely used in enterprise environments for load balancing, application delivery, and security functions, making the TMM a critical component. A memory leak in TMM can disrupt these services, impacting business continuity.

For European organizations, the primary impact of CVE-2025-54805 is on the availability of network services managed by F5 BIG-IP Next SPK devices. As these devices often handle critical application delivery and security functions, memory exhaustion in the TMM could cause service degradation or outages, affecting end-user experience and potentially leading to operational disruptions. Industries relying heavily on high availability, such as finance, telecommunications, healthcare, and government, may experience significant operational risks. The vulnerability does not compromise data confidentiality or integrity, but denial of service conditions could indirectly affect business operations and compliance with service level agreements (SLAs). Additionally, remediation efforts may require planned maintenance windows, which could temporarily impact service availability. Since exploitation requires network access with low privileges, internal threat actors or attackers who have gained limited network footholds could exploit this vulnerability to escalate denial of service attacks. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure.

To mitigate CVE-2025-54805, European organizations should implement several specific measures beyond generic best practices: 1) Monitor TMM memory usage closely using F5’s telemetry and logging tools to detect abnormal increases indicative of memory leaks. 2) Limit the frequency of iRule re-instantiations via the declarative API, especially in automated workflows or dynamic configurations, to reduce the risk of triggering the leak. 3) Apply any vendor-provided patches or updates as soon as they become available, prioritizing environments where the affected version 1.7.0 is in use. 4) Consider upgrading to later versions of BIG-IP Next SPK that are not affected by this vulnerability or have reached End of Technical Support and are no longer evaluated. 5) Restrict network access to management and API interfaces to trusted administrators and systems to reduce the attack surface. 6) Conduct regular security assessments and penetration testing focusing on API usage and iRule configurations to identify potential exploitation vectors. 7) Prepare incident response plans to quickly address potential denial of service incidents caused by this vulnerability. 8) Engage with F5 support and subscribe to security advisories for timely updates.