CVE-2025-58120: CWE-476 NULL Pointer Dereference in F5 BIG-IP Next SPK
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-58120 is a vulnerability identified in F5 BIG-IP Next SPK, specifically affecting versions 1.7.0, 1.8.0, 1.9.0, and 2.0.0. The flaw is a NULL pointer dereference (CWE-476) that occurs when HTTP/2 Ingress is enabled and certain undisclosed traffic is received by the Traffic Management Microkernel (TMM). The TMM is a core component responsible for managing network traffic and load balancing within the BIG-IP platform. When the vulnerability is triggered, the TMM process terminates unexpectedly, causing a denial of service (DoS) by disrupting traffic management functions. The vulnerability can be exploited remotely without any authentication or user interaction, making it accessible to unauthenticated attackers over the network. The CVSS 3.1 base score of 7.5 reflects the high impact on availability (A:H) with no impact on confidentiality or integrity, and the attack vector is network-based with low attack complexity. Although no public exploits have been reported yet, the critical role of BIG-IP devices in enterprise and service provider networks makes this vulnerability a significant concern. The lack of available patches at the time of publication necessitates immediate risk mitigation and monitoring by affected organizations.
Potential Impact
The primary impact of CVE-2025-58120 is a denial of service condition caused by the termination of the TMM process on affected F5 BIG-IP Next SPK devices. This disruption can lead to network traffic management failures, resulting in service outages for applications and services relying on BIG-IP for load balancing, security, and traffic routing. Organizations using these devices in critical infrastructure, cloud environments, or enterprise networks may experience degraded network performance or complete loss of service availability. The vulnerability does not directly compromise data confidentiality or integrity but can indirectly affect business operations and service continuity. Given the widespread use of F5 BIG-IP products in sectors such as finance, telecommunications, healthcare, and government, the potential for operational disruption is significant. Attackers could leverage this vulnerability to cause targeted outages or as part of a broader attack campaign to degrade network defenses.
Mitigation Recommendations
1. Immediately review and restrict HTTP/2 Ingress configurations on affected BIG-IP Next SPK devices, disabling HTTP/2 Ingress if not strictly required.
2. Implement network-level filtering to block or limit traffic patterns that could trigger the NULL pointer dereference, using anomaly detection or rate limiting on ingress points.
3. Monitor TMM process stability and system logs closely for signs of unexpected termination or crashes.
4. Coordinate with F5 Networks for timely updates and patches; apply official patches as soon as they become available.
5. Employ redundant BIG-IP devices and failover configurations to minimize service disruption in case of TMM failure.
6. Consider deploying Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS) to detect and block malformed or suspicious HTTP/2 traffic.
7. Conduct regular vulnerability assessments and penetration testing focused on HTTP/2 traffic handling to identify potential exploitation attempts.
8. Maintain an incident response plan that includes procedures for rapid recovery from BIG-IP service interruptions.
Affected Countries
United States, United Kingdom, Germany, France, Japan, South Korea, Australia, Canada, Netherlands, Singapore, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:38.040Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99427d7577a180040a4
Added to database: 10/15/2025, 2:03:00 PM
Last enriched: 2/27/2026, 5:39:45 AM
Last updated: 3/25/2026, 5:51:28 AM