
CVE-2025-55669: CWE-672 Operation on a Resource after Expiration or Release in F5 BIG-IP

High
Published: Wed Oct 15 2025 (10/15/2025, 13:55:45 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

CVE-2025-55669 is a high-severity vulnerability in F5 BIG-IP devices affecting versions 16.1.0 and 17.1.0 when configured with Advanced WAF/ASM policies and server-side HTTP/2 profiles. The flaw, categorized as CWE-672, involves operations on resources after expiration or release, which can cause the Traffic Management Microkernel (TMM) to terminate unexpectedly. This results in a denial of service (DoS) condition without requiring authentication or user interaction. No known exploits are currently reported in the wild. European organizations using these BIG-IP versions in critical network infrastructure may face service disruptions. Mitigation requires careful configuration review and prompt patching once updates are available.

AI-Powered Analysis

Last updated: 10/23/2025, 01:06:17 UTC

Technical Analysis

CVE-2025-55669 is a vulnerability identified in F5 BIG-IP versions 16.1.0 and 17.1.0, specifically when the Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) security policies are enabled alongside a server-side HTTP/2 profile on a virtual server. The underlying issue is classified under CWE-672, which involves performing operations on resources after they have expired or been released, leading to use-after-free or similar memory management errors. In this case, specially crafted or undisclosed traffic can trigger the Traffic Management Microkernel (TMM) component of BIG-IP to terminate unexpectedly. TMM is a critical process responsible for managing traffic and enforcing security policies. Its termination results in a denial of service (DoS), disrupting network traffic and potentially causing outages for services relying on the BIG-IP device. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network with low complexity. Although no exploits have been reported in the wild yet, the potential for disruption is significant given the role of BIG-IP in enterprise and service provider environments. The vulnerability affects supported versions only, as versions past End of Technical Support (EoTS) are not evaluated. The CVSS v3.1 base score is 7.5, reflecting a high severity primarily due to the impact on availability (A:H), with no impact on confidentiality or integrity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N).

Potential Impact

For European organizations, the impact of CVE-2025-55669 can be substantial, especially for those relying on F5 BIG-IP devices for critical network functions such as load balancing, application delivery, and web application security. A successful exploitation leads to the termination of the TMM process, causing denial of service and potential downtime of protected applications and services. This can disrupt business operations, degrade customer experience, and potentially violate regulatory requirements for service availability and continuity. Sectors such as finance, telecommunications, government, and healthcare, which often deploy BIG-IP for security and traffic management, are particularly vulnerable. The disruption could also affect inter-organizational communications and critical infrastructure services. Although no data confidentiality or integrity loss is indicated, the availability impact alone can have cascading effects on dependent systems and services. The lack of required authentication or user interaction increases the risk of remote exploitation by attackers scanning for vulnerable devices.

Mitigation Recommendations

1. Immediate review of BIG-IP configurations to identify virtual servers using both Advanced WAF/ASM policies and server-side HTTP/2 profiles.
2. Temporarily disable either the Advanced WAF/ASM security policies or the server-side HTTP/2 profile on affected virtual servers if feasible, to mitigate exposure until patches are available.
3. Monitor vendor communications closely for official patches or hotfixes from F5 and apply them promptly once released.
4. Implement network-level protections such as firewall rules or intrusion prevention systems to restrict access to management and critical BIG-IP interfaces from untrusted networks.
5. Employ traffic anomaly detection to identify unusual or malformed HTTP/2 traffic patterns that could trigger the vulnerability.
6. Maintain up-to-date asset inventories to quickly identify and remediate vulnerable BIG-IP instances.
7. Conduct regular backups and have incident response plans ready to address potential service disruptions.
8. Engage with F5 support for guidance on interim mitigations and best practices specific to your deployment environment.
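
For the configuration review in step 1, the following added example (not F5 tooling and not part of the original analysis) scans the text of a BIG-IP configuration file for virtual servers that combine both conditions. It assumes that the `websecurity` profile marks an attached Advanced WAF/ASM policy, that HTTP/2 profiles are the built-in `/Common/http2` plus any `ltm profile http2` stanza in the same file, and that a profile entry without a `context` line applies to both sides; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed bigip.conf-style sample (not from a real device).
SAMPLE_CONF = """\
ltm profile http2 /Common/h2_server {
    app-service none
}
ltm virtual /Common/vs_shop {
    profiles {
        /Common/h2_server {
            context serverside
        }
        /Common/websecurity { }
    }
}
ltm virtual /Common/vs_blog {
    profiles {
        /Common/h2_server {
            context clientside
        }
        /Common/websecurity { }
    }
}
"""
ENTRY = re.compile(r"(\S+) \{\s*(?:context (\S+)\s*)?\}")

def blocks(text, header):
    """Yield (name, body) for each brace block whose header line matches."""
    for m in re.finditer(r"^[ \t]*" + header + r" \{", text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def affected_virtuals(text):
    """Virtual servers with both a WAF profile and server-side HTTP/2."""
    # Assumptions: built-in /Common/http2; no "context" line means both sides.
    h2 = {"/Common/http2"} | {n for n, _ in blocks(text, r"ltm profile http2 (\S+)")}
    hits = []
    for vs, body in blocks(text, r"ltm virtual (\S+)"):
        waf = h2_srv = False
        for _, pbody in blocks(body, r"(profiles)"):
            for name, ctx in ENTRY.findall(pbody):
                waf |= name.endswith("/websecurity")
                h2_srv |= name in h2 and ctx in ("", "all", "serverside")
        if waf and h2_srv:
            hits.append(vs)
    return hits

print(affected_virtuals(SAMPLE_CONF))
```

Virtual servers returned by `affected_virtuals` are the candidates for the temporary change in step 2; confirm each one on the device before altering it.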


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:03.900Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99427d7577a1800409b

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/23/2025, 1:06:17 AM

Last updated: 12/4/2025, 8:21:57 AM
