Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-58120: CWE-476 NULL Pointer Dereference in F5 BIG-IP Next SPK

0
High
VulnerabilityCVE-2025-58120cvecve-2025-58120cwe-476
Published: Wed Oct 15 2025 (10/15/2025, 13:55:51 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP Next SPK

Description

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

AILast updated: 10/15/2025, 14:09:31 UTC

Technical Analysis

CVE-2025-58120 is a vulnerability identified in the F5 BIG-IP Next SPK product line, specifically affecting versions 1.7.0 through 2.0.0. The root cause is a NULL pointer dereference (CWE-476) within the Traffic Management Microkernel (TMM) component when HTTP/2 Ingress is enabled. This condition arises when the system processes certain undisclosed or malformed HTTP/2 traffic, causing the TMM to crash or terminate unexpectedly. The TMM is a critical component responsible for traffic management and load balancing in BIG-IP devices. Its termination leads to denial of service (DoS) conditions, disrupting network traffic handling and potentially causing outages for applications relying on these devices. The vulnerability can be exploited remotely over the network without requiring any authentication or user interaction, increasing its risk profile. Although no exploits have been reported in the wild yet, the CVSS 3.1 base score of 7.5 reflects the high impact on availability and the ease of exploitation. The vulnerability does not affect confidentiality or integrity, as it does not allow data leakage or modification. The vendor has not yet published patches, and versions that have reached End of Technical Support are excluded from evaluation. The vulnerability is particularly relevant for environments where HTTP/2 Ingress is actively used, as disabling this feature may mitigate the risk temporarily.

Potential Impact

For European organizations, the primary impact of CVE-2025-58120 is the potential for denial of service due to TMM process termination. This can lead to significant disruption of network traffic management, affecting availability of critical applications and services dependent on F5 BIG-IP Next SPK devices. Industries relying heavily on load balancing and secure traffic management, such as financial services, telecommunications, healthcare, and government, may face operational outages and degraded service quality. The lack of confidentiality or integrity impact limits data breach concerns, but availability loss can cause financial losses, reputational damage, and regulatory compliance issues under frameworks like GDPR if service interruptions affect personal data processing. The remote, unauthenticated nature of the exploit increases the risk of automated attacks or scanning by threat actors targeting exposed BIG-IP devices. Organizations with large-scale deployments or those using HTTP/2 Ingress extensively are at higher risk of operational impact.

Mitigation Recommendations

1. Monitor vendor communications closely for official patches or updates addressing CVE-2025-58120 and apply them promptly once available. 2. If feasible, temporarily disable HTTP/2 Ingress on affected BIG-IP Next SPK devices to prevent exploitation until a patch is applied. 3. Implement network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) to detect and block anomalous or malformed HTTP/2 traffic targeting BIG-IP devices. 4. Restrict access to management interfaces and limit exposure of BIG-IP devices to untrusted networks to reduce attack surface. 5. Conduct thorough testing in staging environments before enabling HTTP/2 Ingress post-patch to ensure stability. 6. Maintain up-to-date asset inventories to identify all affected devices and versions for prioritized remediation. 7. Employ network segmentation to isolate critical infrastructure and minimize impact of potential DoS conditions. 8. Establish robust monitoring and alerting for TMM process crashes or service disruptions to enable rapid incident response.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
f5
Date Reserved
2025-10-03T23:04:38.040Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68efa99427d7577a180040a4

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/15/2025, 2:09:31 PM

Last updated: 10/16/2025, 12:22:56 PM

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats