
CVE-2025-59778: CWE-770 Allocation of Resources Without Limits or Throttling in F5 F5OS - Chassis

Severity: High
Tags: Vulnerability, CVE-2025-59778, CWE-770
Published: Wed Oct 15 2025 (10/15/2025, 13:55:49 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: F5OS - Chassis

Description

When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

AI analysis last updated: 10/15/2025, 14:07:03 UTC

Technical Analysis

CVE-2025-59778 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the F5OS - Chassis product, specifically versions 1.6.0 and 1.8.0. The flaw lies in the handling of the Allowed IP Addresses feature on the F5OS-C partition control plane. When this feature is configured, an attacker can send specially crafted or undisclosed traffic that causes excessive resource allocation within the system. This uncontrolled resource consumption leads to the termination of multiple containers running on the chassis, effectively causing a denial-of-service (DoS) condition. The vulnerability can be exploited remotely without requiring any authentication or user interaction, increasing its risk profile. The impact is limited to availability, with no direct confidentiality or integrity compromise reported. The vulnerability has a CVSS v3.1 base score of 7.5, indicating high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. No public exploits have been reported yet, and software versions beyond End of Technical Support were not evaluated. The lack of patch links suggests that fixes may be pending or forthcoming from the vendor. This vulnerability highlights the importance of resource management and throttling in network device control planes to prevent service outages caused by malformed or unexpected traffic patterns.

Potential Impact

For European organizations, the primary impact of CVE-2025-59778 is the potential for denial-of-service attacks against critical network infrastructure using F5OS - Chassis devices. These devices often serve as core components in data centers, service provider networks, and enterprise environments, managing traffic and providing essential network functions. Disruption of containerized services on the chassis control plane could lead to partial or complete loss of network functionality, affecting business continuity, customer access, and internal operations. Sectors such as finance, telecommunications, government, and critical infrastructure operators are particularly vulnerable due to their reliance on high availability and robust network performance. The vulnerability's ease of exploitation without authentication means attackers can launch attacks from anywhere on the internet, increasing the threat surface. Additionally, the lack of current public exploits does not preclude future weaponization, necessitating proactive mitigation. The impact on availability could also cascade into regulatory and compliance issues under European data protection and operational resilience frameworks.

Mitigation Recommendations

1. Monitor network traffic to and from F5OS - Chassis devices for unusual patterns or spikes that could indicate exploitation attempts targeting the Allowed IP Addresses feature.
2. Implement strict ingress filtering and rate limiting on network segments connected to the F5OS-C partition control plane to reduce the risk of resource exhaustion attacks.
3. Disable or carefully configure the Allowed IP Addresses feature if it is not essential to operations, minimizing the attack surface.
4. Engage with F5 Networks for official patches or firmware updates addressing this vulnerability and plan timely deployment once available.
5. Conduct thorough testing of updated firmware in controlled environments before production rollout to avoid service disruptions.
6. Establish incident response procedures specifically for network device DoS scenarios, including fallback and redundancy plans.
7. Use network segmentation to isolate critical F5OS devices from less trusted networks, limiting exposure.
8. Maintain up-to-date asset inventories to quickly identify affected devices and versions within the organization.
9. Collaborate with managed security service providers or threat intelligence sources to stay informed about emerging exploits or attack campaigns targeting this vulnerability.
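Recommendations 1 and 2 above amount to watching per-source traffic volume toward the control-plane address over a trailing window and acting when it exceeds a budget. The following sliding-window rate check is an added illustration of that logic, not F5 code and not part of this record; the control-plane address 203.0.113.10, the window length, the packet threshold and the flow records are all constructed assumptions, and a real deployment would feed it NetFlow/IPFIX or firewall log records instead.

```python
"""Sliding-window per-source rate check for traffic toward a control-plane IP.

Added illustration (not F5 code). The control-plane address, thresholds and
flow records below are constructed assumptions for the example.
"""
from collections import defaultdict, deque

CONTROL_PLANE_IP = "203.0.113.10"   # assumed F5OS-C partition control-plane address
WINDOW_SECONDS = 10                 # trailing window length (assumption)
MAX_PACKETS_PER_WINDOW = 50         # per-source alert threshold (assumption)

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, packet_count),
# sorted by timestamp as an exporter would deliver them.
SAMPLE_FLOWS = [
    (0, "198.51.100.5", "203.0.113.10", 3),
    (1, "198.51.100.5", "203.0.113.10", 4),
    (2, "192.0.2.77", "203.0.113.10", 30),
    (3, "192.0.2.77", "203.0.113.10", 30),    # pushes 192.0.2.77 to 60 in window
    (5, "198.51.100.5", "203.0.113.10", 2),
    (6, "192.0.2.77", "203.0.113.99", 500),   # other destination: not counted
    (20, "192.0.2.77", "203.0.113.10", 10),   # earlier records have expired
]


def find_rate_violations(flows, control_plane_ip=CONTROL_PLANE_IP,
                         window=WINDOW_SECONDS, limit=MAX_PACKETS_PER_WINDOW):
    """Return a list of (timestamp, src_ip, packets_in_window) alerts.

    Only flows addressed to the control-plane IP are counted. A source is
    reported at the first record that lifts its packet count within the
    trailing window above `limit`, and again only after it has dropped
    back to or below the limit (so a sustained flood yields one alert).
    """
    per_source = defaultdict(deque)   # src_ip -> deque of (ts, packets)
    per_source_total = defaultdict(int)
    alerted = set()
    alerts = []
    for ts, src, dst, packets in flows:
        if dst != control_plane_ip:
            continue
        q = per_source[src]
        q.append((ts, packets))
        per_source_total[src] += packets
        # Drop records that have aged out of the trailing window.
        while q and ts - q[0][0] >= window:
            _, old_packets = q.popleft()
            per_source_total[src] -= old_packets
        total = per_source_total[src]
        if total > limit and src not in alerted:
            alerts.append((ts, src, total))
            alerted.add(src)
        elif total <= limit:
            alerted.discard(src)
    return alerts


if __name__ == "__main__":
    for ts, src, total in find_rate_violations(SAMPLE_FLOWS):
        print(f"t={ts}s source {src} sent {total} packets to control plane in {WINDOW_SECONDS}s window")
```

The same per-source budget is what an ingress rate limit on the upstream firewall enforces; running the check against exported flow records lets the alert fire before the limit is reached and records which sources were throttled.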


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:21.143Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99427d7577a180040c9

Added to database: 10/15/2025, 2:03:00 PM

Last enriched: 10/15/2025, 2:07:03 PM

Last updated: 10/16/2025, 1:36:06 PM
