
CVE-2025-58474: CWE-770 Allocation of Resources Without Limits or Throttling in F5 BIG-IP

Severity: Medium
Tags: CVE-2025-58474, CWE-770
Published: Wed Oct 15 2025 (10/15/2025, 13:55:43 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 05:40:47 UTC

Technical Analysis

CVE-2025-58474 is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). This record lists F5 BIG-IP 17.1.0 as affected; versions that have reached End of Technical Support are not evaluated. The condition is reachable in two deployments named in the advisory text: BIG-IP Advanced WAF on a virtual server with Server-Side Request Forgery (SSRF) protection enabled, and an NGINX server configured with App Protect Bot Defense. In both, the inspection path does not bound or throttle the resources it allocates for certain requests whose characteristics F5 has not disclosed. A remote, unauthenticated attacker can therefore send crafted requests that consume those resources until new client requests are disrupted: a denial-of-service condition that affects availability only, with no impact on confidentiality or integrity.

The CVSS v3.1 base score is 5.3 (Medium): network attack vector, low attack complexity, no privileges and no user interaction required, scope unchanged, with a low availability impact and none on confidentiality or integrity. At the time of this record no patch and no known exploitation are listed, so mitigation rests on configuration review, exposure reduction and monitoring. The broader lesson is that security modules which inspect and filter web traffic must cap the work a single request can trigger, particularly in high-availability deployments where the inspection engine sits in front of every request.

Potential Impact

The impact of CVE-2025-58474 falls on the availability of services fronted by F5 BIG-IP Advanced WAF or NGINX App Protect Bot Defense. Exploitation exhausts the resources the inspection path allocates for handling requests, so legitimate new client requests are disrupted; the web applications behind those protections see downtime or degraded performance even though the applications themselves are untouched. Organizations that depend on BIG-IP for web application security and traffic management, including those in finance, healthcare, telecommunications and government, could face operational disruption, with the reputational and financial consequences that follow from an outage. Confidentiality and integrity are not affected. The attack needs no authentication and no user interaction, which raises the risk for internet-facing virtual servers. Against that, no exploitation in the wild is recorded here and the CVSS score is Medium, so the threat is currently moderate but warrants proactive attention, especially because the requests that trigger it are undisclosed and cannot be blocked by signature.

Mitigation Recommendations

To mitigate CVE-2025-58474, first establish whether you are exposed: confirm the BIG-IP version (this record lists 17.1.0), identify every virtual server that carries an Advanced WAF policy with SSRF protection enabled, and check whether any NGINX deployment runs App Protect with Bot Defense. Until a fixed version from F5 is applied, consider the following actions:

1) Limit the exposure of the affected virtual servers to untrusted networks with network segmentation and firewall rules that admit only trusted sources. Where the service must be internet-facing this step cannot apply, and the remaining controls carry the weight.

2) Monitor traffic for unusual request volumes and the data plane for resource-consumption spikes (CPU, memory, connection counts) that may indicate exploitation. Because F5 has not disclosed the triggering requests, detection here is volumetric rather than signature-based.

3) If availability is already being affected, weigh temporarily disabling SSRF protection or Bot Defense against the exposure that creates. SSRF protection exists to stop the protected application being used as a proxy into internal networks, so turning it off trades one risk for another; if you do it, time-box the change and record it.

4) Apply rate limiting and connection throttling upstream, at edge devices, a load balancer in front of the BIG-IP, or a CDN, so that a single source cannot consume the inspection capacity on its own.

5) Track F5's security advisories for this CVE, engage F5 support if you are affected, and apply the fixed version as soon as it is published.

6) Plan capacity with the cost of the inspection features in mind and baseline normal resource usage, so that abnormal consumption is recognisable and can be responded to promptly.
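Items 2 and 4 above both come down to recognising a single source generating far more requests than normal. The following is an added example, not code from the page, from F5 or from NGINX: a per-source sliding-window burst detector run over access-log lines. It assumes a Common Log Format-like line layout; real BIG-IP request logging and NGINX log formats are configurable and differ, so the regular expression is the part to adapt. The log lines are constructed for the example, and the threshold and window are placeholders to be tuned against your own baseline.

```python
"""Per-source request-burst detector over access-log lines (added example).

Assumptions: lines are in a Common Log Format-like shape, and arrive in chronological
order per source IP. The sample log is CONSTRUCTED for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# '203.0.113.7 - - [15/Oct/2025:13:55:43 +0000] "GET /path HTTP/1.1" 200 512'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp, request, status) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def peak_rates(lines, window=timedelta(seconds=10)) -> dict:
    """Return {ip: largest number of requests seen from ip inside any `window`}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # truncated or foreign-format record: skip, do not crash
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def find_bursts(lines, threshold=20, window=timedelta(seconds=10)) -> list:
    """Sources whose peak in-window request count exceeds `threshold` (placeholder value)."""
    return sorted(ip for ip, n in peak_rates(lines, window).items() if n > threshold)


def build_sample() -> list:
    """Constructed log: one source sends 30 requests in ~5 s, another 5 over 2 minutes."""
    base = datetime(2025, 10, 15, 13, 55, 43, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    def stamp(t):
        return t.strftime("%d/%b/%Y:%H:%M:%S %z")

    lines = []
    for i in range(30):   # six requests per second from the noisy source
        lines.append(fmt.format(ip="203.0.113.7",
                                ts=stamp(base + timedelta(seconds=i // 6)),
                                path="/fetch?url=http://203.0.113.7/x"))
    for i in range(5):    # one request every 30 s from a normal client
        lines.append(fmt.format(ip="198.51.100.4",
                                ts=stamp(base + timedelta(seconds=30 * i)),
                                path="/index.html"))
    return lines


if __name__ == "__main__":
    sample = build_sample()
    print("peak per source:", peak_rates(sample))
    print("bursting sources:", find_bursts(sample))
```

Request counts are only a proxy: the advisory says the problem is unbounded resource allocation, so pair this with the device's own CPU, memory and connection metrics, and expect that a distributed source set will not trip a per-IP threshold at all.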


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-06T23:17:24.062Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99427d7577a180040b7

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 2/27/2026, 5:40:47 AM

Last updated: 3/25/2026, 7:23:04 AM


