CVE-2025-58474: CWE-770 Allocation of Resources Without Limits or Throttling in F5 BIG-IP
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-58474 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting F5 BIG-IP version 17.1.0. It applies to two configurations: a BIG-IP virtual server with Advanced Web Application Firewall (WAF) Server-Side Request Forgery (SSRF) protection enabled, and an NGINX server configured with App Protect Bot Defense. In these configurations, certain undisclosed requests consume resources without bound, so the processing of new legitimate client requests is disrupted. The result is a denial of service (DoS) condition affecting the availability of services protected by BIG-IP. The vulnerability is exploitable remotely over the network without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The CVSS base score of 5.3 categorizes it as medium severity, reflecting a moderate impact on availability with no impact on confidentiality or integrity. No patches or fixes have been published yet, and no known exploits have been observed in the wild. Software versions that have reached End of Technical Support (EoTS) were not evaluated. The root cause is insufficient resource management in the affected inspection components, which allows crafted requests that exercise the SSRF protection or bot defense logic to exhaust resources. The case illustrates why security appliances that perform complex inspection on high request volumes need robust per-request resource limits and throttling.
Potential Impact
For European organizations, the primary impact of CVE-2025-58474 is the potential disruption of critical web application firewall services and NGINX-based bot defense systems, leading to denial of service conditions. This can degrade the availability of protected applications, including customer-facing portals, internal management consoles, and APIs. Organizations in sectors such as finance, telecommunications, government, and critical infrastructure that rely heavily on F5 BIG-IP for security and traffic management are at higher risk. Service outages could result in operational downtime, loss of customer trust, and potential regulatory scrutiny under frameworks like GDPR if service availability impacts data processing or user access. Additionally, attackers could leverage this vulnerability to create distraction or cover for other malicious activities by causing service interruptions. The lack of known exploits reduces immediate risk, but the medium severity and ease of remote exploitation warrant proactive mitigation. The impact is confined to availability, with no direct compromise of confidentiality or integrity reported.
Mitigation Recommendations
1. Monitor resource utilization closely on BIG-IP devices running version 17.1.0 with Advanced WAF SSRF protection enabled, and on NGINX instances with App Protect Bot Defense enabled.
2. Implement strict rate limiting and connection throttling on virtual servers to prevent resource exhaustion from undisclosed or malformed requests.
3. Isolate vulnerable BIG-IP instances from critical network segments where possible to limit the blast radius.
4. Employ network-level protections such as upstream firewalls or intrusion prevention systems to detect and block anomalous traffic patterns targeting the SSRF protection or bot defense features.
5. Regularly review and update configuration settings to minimize exposure of SSRF protections and bot defense modules to untrusted sources.
6. Stay informed on vendor advisories and prepare to apply patches or updates promptly once released by F5.
7. Conduct penetration testing and resilience assessments that simulate resource exhaustion scenarios to validate defenses.
8. Consider deploying fallback or redundant WAF instances to maintain service continuity during potential disruptions.
9. Engage with F5 support for guidance and possible workarounds until an official patch is available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-06T23:17:24.062Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99427d7577a180040b7
Added to database: 10/15/2025, 2:03:00 PM
Last enriched: 10/15/2025, 2:08:44 PM
Last updated: 10/16/2025, 2:59:34 PM