
CVE-2025-58120: CWE-476 NULL Pointer Dereference in F5 BIG-IP Next SPK

Severity: High
Tags: Vulnerability, CVE-2025-58120, cve, cve-2025-58120, cwe-476
Published: Wed Oct 15 2025 (10/15/2025, 13:55:51 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP Next SPK

Description

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Last updated: 10/23/2025, 00:54:57 UTC

Technical Analysis

CVE-2025-58120 is a vulnerability in F5 BIG-IP Next SPK versions 1.7.0 through 2.0.0 that arises from a NULL pointer dereference (CWE-476) in the Traffic Management Microkernel (TMM) component. The flaw is specifically triggered when HTTP/2 Ingress is configured on the device. An attacker can send crafted HTTP/2 traffic that causes the TMM to dereference a NULL pointer, crashing the TMM process. The TMM is a critical component responsible for managing traffic and load balancing; its termination results in a denial of service (DoS) condition, disrupting network traffic management and potentially causing service outages.

The vulnerability requires no privileges and no user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score is 7.5, reflecting high severity due to its network attack vector, low attack complexity, no required privileges, and no user interaction. The impact is limited to availability, with no direct confidentiality or integrity compromise. No public exploits or active exploitation have been reported yet. The affected range covers supported versions only; versions past their End of Technical Support (EoTS) are not evaluated. No patches are currently linked, indicating that remediation may be pending or in development. Organizations using F5 BIG-IP Next SPK with HTTP/2 Ingress enabled should consider this vulnerability a significant risk to service continuity.

Potential Impact

For European organizations, the primary impact of CVE-2025-58120 is the potential for denial of service due to the TMM process crashing on affected F5 BIG-IP Next SPK devices. This can disrupt critical network traffic management functions such as load balancing, application delivery, and security enforcement. Industries relying heavily on F5 BIG-IP for high availability and secure traffic management—such as financial services, telecommunications, government, and critical infrastructure—may experience outages or degraded service quality. The disruption could affect customer-facing services, internal applications, and inter-organizational communications. Since the vulnerability is remotely exploitable without authentication, attackers could cause widespread service interruptions, potentially impacting business continuity and regulatory compliance. The lack of confidentiality or integrity impact reduces risks related to data breaches but does not diminish the operational risks associated with availability loss. The absence of known exploits in the wild provides a window for proactive mitigation, but the ease of exploitation means attackers could develop exploits rapidly once details become public.

Mitigation Recommendations

1. Monitor F5 Networks’ official advisories for patches addressing CVE-2025-58120 and apply them promptly once available.
2. If immediate patching is not possible, disable HTTP/2 Ingress on affected BIG-IP Next SPK devices to prevent exploitation.
3. Implement network-level protections such as rate limiting and traffic filtering to detect and block anomalous HTTP/2 traffic patterns that could trigger the vulnerability.
4. Employ robust monitoring of TMM process health and automated alerting to detect crashes or service disruptions quickly.
5. Use redundant BIG-IP devices and failover configurations to minimize service impact during potential DoS events.
6. Conduct internal vulnerability assessments and penetration tests focusing on HTTP/2 traffic handling to identify exposure.
7. Restrict administrative access and network exposure of BIG-IP management interfaces to reduce attack surface.
8. Maintain up-to-date asset inventories to identify all devices running affected versions and ensure comprehensive coverage of mitigation efforts.


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:38.040Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99427d7577a180040a4

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/23/2025, 12:54:57 AM

Last updated: 12/2/2025, 5:33:10 AM
