
CVE-2025-59778: CWE-770 Allocation of Resources Without Limits or Throttling in F5 F5OS - Chassis

Severity: High
Tags: Vulnerability, CVE-2025-59778, CWE-770
Published: Wed Oct 15 2025 (10/15/2025, 13:55:49 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: F5OS - Chassis

Description

CVE-2025-59778 is a high-severity vulnerability affecting F5OS - Chassis versions 1.6.0 and 1.8.0. It arises from improper resource allocation controls in the Allowed IP Addresses feature on the F5OS-C partition control plane. When that feature is configured, an attacker can send undisclosed traffic that causes multiple containers to terminate, leading to denial of service. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network. While no known exploits are currently in the wild, the impact on availability is significant. European organizations running affected F5OS versions in critical network infrastructure could face service disruptions.

AI-Powered Analysis

Last updated: 10/23/2025, 01:10:18 UTC

Technical Analysis

CVE-2025-59778 is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and affects the F5OS - Chassis product, specifically versions 1.6.0 and 1.8.0. The flaw exists in the Allowed IP Addresses feature configured on the F5OS-C partition control plane. When this feature is enabled, an attacker can send undisclosed traffic that triggers excessive resource consumption on the control plane, causing multiple containers within the system to terminate unexpectedly. The result is a denial-of-service (DoS) condition against the availability of the affected system. F5 has not disclosed the nature of the triggering traffic, so defenders cannot build a payload-specific signature; the observable symptom is the correlated termination of several control-plane containers.

The vulnerability can be exploited remotely without authentication or user interaction, which raises its risk profile. The CVSS v3.1 base score is 7.5 (High), corresponding to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network attack vector, low attack complexity, no privileges required, and a high impact on availability with no impact on confidentiality or integrity. Although no public exploits have been reported yet, the vulnerability poses a significant risk to network infrastructure relying on F5OS - Chassis, especially where the Allowed IP Addresses feature is actively used. The entry was published recently and no patches have been linked yet, so organizations should anticipate vendor updates. The flaw illustrates why control planes must bound and throttle the resources that unauthenticated traffic can cause them to allocate.
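The CWE-770 pattern described above, reduced to a runnable model. This is an added example, not F5 code and not a model of the F5OS-C implementation (the triggering traffic is undisclosed). It places an ingress filter that allocates per-source state for every sender, allowed or not and with no ceiling, beside one that decides the allow-list check first, keeps per-source state in a fixed-size LRU table, and throttles each allowed source with a token bucket. The allow-list semantics, the `max_sources` cap and the token-bucket parameters are assumptions chosen to illustrate the pattern, not F5OS features.

```python
"""CWE-770 in miniature: an ingress filter that allocates state per source
without a ceiling, next to one that bounds it.

Added example, not F5 code and not a model of the F5OS-C implementation
(the triggering traffic is undisclosed). The allow-list semantics, the
per-source token bucket and the max_sources cap are assumptions chosen to
illustrate the pattern, not features of F5OS."""
from collections import OrderedDict
import ipaddress


class UnboundedFilter:
    """Vulnerable pattern: a record is allocated for every distinct source
    address, allowed or not, with no cap and no throttling. Source addresses
    are attacker-controlled, so state grows with the attacker's budget."""

    def __init__(self, allowed_cidrs):
        self.allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
        self.seen = {}  # src -> list of request timestamps, never pruned

    def accept(self, src, now):
        # Work and memory are spent before the policy decision is made.
        self.seen.setdefault(src, []).append(now)
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed)


class BoundedFilter:
    """Hardened pattern: the allow-list decision is made before any state is
    allocated, per-source state lives in a fixed-size LRU table, and each
    allowed source is throttled by a token bucket."""

    def __init__(self, allowed_cidrs, max_sources=1024, rate=5.0, burst=10):
        self.allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
        self.max_sources = max_sources  # hard ceiling on tracked sources
        self.rate = rate                # tokens refilled per second
        self.burst = burst              # bucket capacity
        self.buckets = OrderedDict()    # src -> [tokens, last_refill_time]

    def accept(self, src, now):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in self.allowed):
            return False  # denied sources cost nothing beyond the lookup
        bucket = self.buckets.get(src)
        if bucket is None:
            if len(self.buckets) >= self.max_sources:
                self.buckets.popitem(last=False)  # evict least recently used
            bucket = [float(self.burst), now]
            self.buckets[src] = bucket
        else:
            self.buckets.move_to_end(src)
        tokens = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if tokens < 1.0:
            bucket[0] = tokens
            return False  # throttled: over the per-source rate
        bucket[0] = tokens - 1.0
        return True


def generate_sources(count, base="10.0.0.0"):
    """Constructed sample input: `count` consecutive addresses from `base`."""
    start = int(ipaddress.ip_address(base))
    return [str(ipaddress.ip_address(start + i)) for i in range(count)]


def stress(flt, sources, now=0.0):
    """One request from each source at time `now`; returns the accepted count."""
    return sum(1 for s in sources if flt.accept(s, now))


def state_size(flt):
    """Number of per-source records the filter currently holds."""
    return len(flt.seen if isinstance(flt, UnboundedFilter) else flt.buckets)


if __name__ == "__main__":
    srcs = generate_sources(5000)  # 5000 spoofed sources, none on the allow-list
    for cls in (UnboundedFilter, BoundedFilter):
        f = cls(["192.0.2.0/24"])
        print(cls.__name__, "accepted:", stress(f, srcs), "records:", state_size(f))
```

The point of the comparison is where the cost lands: with the unbounded filter, 5000 spoofed sources that are all denied still leave 5000 records behind, so an unauthenticated sender controls the control plane's memory; with the bounded filter the same traffic leaves nothing, and even legitimately allowed sources can never push the table past `max_sources` or exceed the per-source rate.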

Potential Impact

For European organizations, the primary impact of CVE-2025-59778 is the potential for denial-of-service attacks against critical network infrastructure components running F5OS - Chassis. This can lead to service outages affecting data center operations, cloud services, and enterprise network availability. Organizations relying on F5 devices for load balancing, security, or traffic management could experience degraded performance or complete loss of service in affected containers. This disruption can impact business continuity, customer access, and internal communications. Given the vulnerability requires no authentication, attackers from outside the network perimeter could exploit it remotely, increasing the threat surface. Critical sectors such as finance, telecommunications, government, and healthcare in Europe that depend on F5 infrastructure are particularly vulnerable. The lack of confidentiality or integrity impact means data breaches are unlikely, but availability loss can have cascading effects on dependent services and SLAs. The absence of known exploits provides a window for proactive mitigation, but the high severity score demands urgent attention.

Mitigation Recommendations

1. Restrict network access to the F5OS-C partition control plane interfaces with strict firewall rules and network segmentation, so that only management networks can reach them; the vulnerability needs no authentication, so reachability is the exposure.
2. Monitor the control plane for the symptom the advisory describes: multiple containers terminating in a short window. Forward chassis logs to a SIEM and alert on correlated container terminations, since the triggering traffic is undisclosed and cannot be matched by signature.
3. Disable the Allowed IP Addresses feature if it is not essential to operations, which removes the vulnerable code path. Because the feature restricts which source addresses may reach the control plane, disabling it widens exposure unless the same restriction is enforced upstream; apply an equivalent allow-list on the perimeter firewall first.
4. Engage with F5 for updates and patches addressing this vulnerability and apply them promptly once available.
5. Implement rate limiting and resource usage monitoring in front of the control plane to detect and limit resource exhaustion.
6. Conduct regular security assessments and penetration testing of control plane components to identify similar resource allocation issues.
7. Maintain an up-to-date asset inventory of all F5OS - Chassis devices, their firmware versions, and whether the Allowed IP Addresses feature is configured, to prioritize remediation.
8. Develop and test incident response plans for denial-of-service scenarios affecting network infrastructure devices.
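Recommendations 2 and 7 above, as an added example that is not F5 tooling and not from the original page. It ranks an inventory by the two facts the advisory makes relevant (affected version, Allowed IP Addresses configured) and runs a sliding-window detector over log lines to flag the "multiple containers terminate" symptom rather than a single routine restart. The inventory rows, hostnames, container names and log lines are constructed for the example; the log line format the regex expects is a placeholder, since the page does not give the real F5OS-C log format, and must be mapped to whatever the chassis actually exports to syslog.

```python
"""Triage and detection helpers for CVE-2025-59778.

Added example, not F5 tooling. The inventory rows and the log lines are
constructed for the example, and the log line format used by the parser
("<ISO timestamp>Z <host> <process>: container <name> terminated ...") is a
placeholder: the page does not give the real F5OS-C log format, so map the
regex to whatever the chassis actually exports to syslog."""
import re
from collections import deque
from datetime import datetime

# Versions this page lists as affected; F5OS - Chassis only.
AFFECTED_PRODUCT = "F5OS - Chassis"
AFFECTED_VERSIONS = {"1.6.0", "1.8.0"}


def triage(inventory):
    """Order hosts by urgency. 'urgent': affected version and the Allowed IP
    Addresses feature configured (the condition the advisory names);
    'patch': affected version, feature not configured; 'not-listed' otherwise."""
    def action(row):
        if row["product"] != AFFECTED_PRODUCT or row["version"] not in AFFECTED_VERSIONS:
            return "not-listed"
        return "urgent" if row["allowed_ips_configured"] else "patch"
    rank = {"urgent": 0, "patch": 1, "not-listed": 2}
    rows = [(row["host"], action(row)) for row in inventory]
    return sorted(rows, key=lambda r: rank[r[1]])  # stable: keeps input order within a rank


# Constructed inventory (placeholder hostnames, assumed field names).
INVENTORY = [
    {"host": "chassis-c", "product": "F5OS - Chassis", "version": "1.7.0", "allowed_ips_configured": True},
    {"host": "chassis-b", "product": "F5OS - Chassis", "version": "1.8.0", "allowed_ips_configured": False},
    {"host": "chassis-a", "product": "F5OS - Chassis", "version": "1.6.0", "allowed_ips_configured": True},
    {"host": "appliance-d", "product": "F5OS - Appliance", "version": "1.8.0", "allowed_ips_configured": True},
]

# Placeholder log format (assumption): "<ISO ts>Z <host> <process>: container <name> terminated ..."
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (?P<host>\S+) \S+: "
    r"container (?P<name>\S+) terminated")


def parse_terminations(lines):
    """Yield (host, timestamp, container) for each termination line."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            yield m["host"], datetime.fromisoformat(m["ts"]), m["name"]


def detect_bursts(lines, threshold=3, window_s=60):
    """Flag any host where `threshold` or more containers terminate within
    `window_s` seconds: the 'multiple containers terminate' symptom, as
    opposed to a single routine restart. Returns (host, time, names)."""
    alerts, windows = [], {}
    for host, ts, name in sorted(parse_terminations(lines), key=lambda e: e[1]):
        q = windows.setdefault(host, deque())
        q.append((ts, name))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= threshold:
            alerts.append((host, ts.isoformat(), sorted({n for _, n in q})))
            q.clear()  # one alert per burst
    return alerts


# Constructed sample log: a burst on chassis-a, noise elsewhere.
SAMPLE_LOG = [
    "2025-10-16T09:00:01Z chassis-a partition-ctl: container ctl-proxy terminated (signal 9)",
    "2025-10-16T09:00:03Z chassis-b partition-ctl: container ctl-db terminated (signal 9)",
    "2025-10-16T09:00:05Z chassis-a partition-ctl: container ctl-api terminated (signal 9)",
    "2025-10-16T09:00:06Z chassis-a partition-ctl: container ctl-proxy started",
    "2025-10-16T09:00:09Z chassis-a partition-ctl: container ctl-db terminated (signal 9)",
    "2025-10-16T11:30:00Z chassis-a partition-ctl: container ctl-db terminated (signal 15)",
]

if __name__ == "__main__":
    for host, action in triage(INVENTORY):
        print(f"{host}: {action}")
    for host, when, names in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {host} {when}: {len(names)} containers terminated: {', '.join(names)}")
```

Tune `threshold` and `window_s` against the platform's normal restart behaviour before relying on the alert; the isolated termination at 11:30 in the sample is deliberately left unflagged so the detector does not page on every single container restart.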


Technical Details

Data Version
5.1
Assigner Short Name
f5
Date Reserved
2025-10-03T23:04:21.143Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68efa99427d7577a180040c9

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/23/2025, 1:10:18 AM

Last updated: 11/28/2025, 2:08:08 PM

