CVE-2025-54858: CWE-674 Uncontrolled Recursion in F5 BIG-IP
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-54858 is a vulnerability classified under CWE-674 (Uncontrolled Recursion) affecting F5 BIG-IP Advanced WAF and ASM modules. The issue arises when a security policy is configured with a JSON content profile that includes a malformed JSON schema. When such a policy is applied to a virtual server, specially crafted requests can trigger uncontrolled recursion within the bd process, leading to its termination. This termination causes a denial of service condition, disrupting the availability of the BIG-IP service. The vulnerability affects multiple supported versions of BIG-IP (15.1.0, 16.1.0, 17.1.0, and 17.5.0). The CVSS v3.1 score is 7.5, reflecting a high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to availability, with no direct confidentiality or integrity compromise reported. No public exploits have been observed yet, but the vulnerability is publicly disclosed and documented. The root cause is improper handling of malformed JSON schemas leading to uncontrolled recursion in the processing logic of the bd process, which is critical for BIG-IP’s security policy enforcement. The vulnerability does not affect versions that have reached End of Technical Support. No official patches or workarounds are listed in the provided data, emphasizing the need for configuration review and monitoring.
Potential Impact
For European organizations, the primary impact of CVE-2025-54858 is a denial of service condition on F5 BIG-IP devices running Advanced WAF or ASM with vulnerable JSON content profiles. This can lead to temporary unavailability of web application firewall protections and potentially the virtual servers behind them, increasing exposure to other attacks during downtime. Organizations relying on BIG-IP for critical web infrastructure, including financial institutions, government agencies, and large enterprises, may experience service interruptions affecting business continuity and customer trust. The lack of confidentiality or integrity impact reduces the risk of data breaches but does not diminish the operational disruption risk. Given the network-exploitable nature and no authentication requirement, attackers can remotely trigger the vulnerability, making it a significant threat in hostile environments. The absence of known exploits in the wild currently lowers immediate risk but does not preclude future exploitation. European sectors with high dependence on BIG-IP appliances for web security are particularly vulnerable to service degradation or outages.
Mitigation Recommendations
1. Immediately audit all BIG-IP Advanced WAF and ASM security policies that utilize JSON content profiles to identify any malformed or non-standard JSON schemas.
2. Correct or remove malformed JSON schemas from security policies to prevent triggering uncontrolled recursion.
3. Monitor the bd process and BIG-IP system logs for unusual terminations or crashes indicative of exploitation attempts.
4. Implement network-level protections such as rate limiting and IP reputation filtering to reduce exposure to malicious requests targeting this vulnerability.
5. Engage with F5 support or check official advisories regularly for patches or updates addressing CVE-2025-54858 and apply them promptly once available.
6. Consider deploying BIG-IP devices in high-availability configurations to mitigate potential downtime caused by process termination.
7. Conduct penetration testing and fuzzing on JSON content profiles to proactively detect malformed schema issues.
8. Restrict management and configuration access to trusted administrators to prevent accidental deployment of malformed schemas.
These steps go beyond generic advice by focusing on configuration hygiene, proactive monitoring, and operational resilience specific to this vulnerability.
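Steps 1, 2 and 7 call for auditing the JSON schemas in JSON content profiles before a policy is applied to a virtual server. The script below is an added example, not F5 tooling and not code from this advisory: it takes one JSON schema as text (however it was exported from the policy, which this page does not describe) and reports the malformation classes a recursive schema walker is most likely to stumble on: unparseable JSON, a non-object root, a non-string $ref, a $ref that points nowhere, a $ref cycle, and nesting beyond an assumed MAX_DEPTH. The advisory does not state which malformation triggers the bd crash, so these checks and the depth limit are assumptions, and every sample schema is constructed.

```python
import json
from typing import Any, List

# Assumed audit limit; the advisory does not state what nesting depth bd tolerates.
MAX_DEPTH = 32


def resolve_pointer(root: Any, ref: str) -> Any:
    """Resolve a local JSON Pointer such as '#/definitions/node'.

    Returns None for remote references (this audit runs offline) and for
    pointers that do not land on an existing node.
    """
    if not ref.startswith("#"):
        return None
    pointer = ref[1:]
    if pointer == "":
        return root
    if not pointer.startswith("/"):
        return None
    node = root
    for token in pointer[1:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(node, dict) and token in node:
            node = node[token]
        elif isinstance(node, list) and token.isdigit() and int(token) < len(node):
            node = node[int(token)]
        else:
            return None
    return node


def audit_schema(text: str) -> List[str]:
    """Return findings for one schema given as text; an empty list means it passed.

    Finding prefixes (assumed checks, not F5's definition of 'malformed'):
    invalid-json, not-an-object, malformed-ref, unresolvable-ref,
    recursive-ref, nesting-depth-exceeded.
    """
    findings: List[str] = []
    try:
        root = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid-json: {exc.msg} at line {exc.lineno} column {exc.colno}"]
    if not isinstance(root, dict):
        return ["not-an-object: top-level schema must be a JSON object"]

    def walk(node: Any, path: str, depth: int, ref_stack: List[str]) -> None:
        if not isinstance(node, (dict, list)):
            return
        if depth > MAX_DEPTH:
            findings.append(f"nesting-depth-exceeded: {path} is deeper than {MAX_DEPTH}")
            return
        if isinstance(node, dict):
            if "$ref" in node:
                ref = node["$ref"]
                if not isinstance(ref, str):
                    findings.append(f"malformed-ref: $ref at {path} is not a string")
                    return
                if ref in ref_stack:
                    cycle = " -> ".join(ref_stack + [ref])
                    findings.append(f"recursive-ref: {ref} re-entered at {path} (cycle: {cycle})")
                    return
                target = resolve_pointer(root, ref)
                if target is None:
                    findings.append(f"unresolvable-ref: {ref} at {path}")
                    return
                # Follow the reference as a validator would; the stack bounds the descent.
                walk(target, f"{path}->{ref}", depth + 1, ref_stack + [ref])
                return
            for key, value in node.items():
                walk(value, f"{path}/{key}", depth + 1, ref_stack)
        else:
            for index, item in enumerate(node):
                walk(item, f"{path}/{index}", depth + 1, ref_stack)

    walk(root, "#", 0, [])
    return findings


def _nested_schema(levels: int) -> str:
    """Build a constructed schema nested `levels` object levels deep."""
    node: Any = {"type": "string"}
    for _ in range(levels):
        node = {"type": "object", "properties": {"x": node}}
    return json.dumps(node)


# Constructed sample schemas; none come from a real BIG-IP policy.
SAMPLES = {
    "well_formed": json.dumps({"type": "object", "properties": {
        "id": {"type": "integer"}, "tags": {"type": "array", "items": {"type": "string"}}}}),
    "truncated": '{"type": "object", "properties": {',
    "self_referencing": json.dumps({"definitions": {"node": {"type": "object", "properties": {
        "child": {"$ref": "#/definitions/node"}}}}, "$ref": "#/definitions/node"}),
    "dangling_ref": json.dumps({"properties": {"a": {"$ref": "#/definitions/missing"}}}),
    "too_deep": _nested_schema(40),
}

if __name__ == "__main__":
    for name, schema in SAMPLES.items():
        result = audit_schema(schema)
        print(f"{name}: {'clean' if not result else '; '.join(result)}")
```

A recursive $ref is legal JSON Schema and a correct validator handles it lazily, so a recursive-ref finding marks a schema for review rather than proving it is the one that crashes bd; the other classes are defects in their own right and should be fixed or removed from the profile before the policy is applied, as step 2 describes.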
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:38.066Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99427d7577a18004095
Added to database: 10/15/2025, 2:03:00 PM
Last enriched: 10/15/2025, 2:15:22 PM
Last updated: 10/16/2025, 12:21:06 PM