CVE-2025-59781: CWE-459 Incomplete Cleanup in F5 BIG-IP
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-59781 is a vulnerability classified under CWE-459 (Incomplete Cleanup) affecting F5 BIG-IP and BIG-IP Next CNF virtual servers when DNS cache is enabled. The issue arises because undisclosed DNS queries cause the system to retain DNS cache entries improperly, leading to increased memory resource utilization over time. This incomplete cleanup of cached DNS data can result in memory exhaustion, degrading system performance or causing denial of service conditions. The vulnerability affects multiple recent versions of BIG-IP (15.1.0, 16.1.0, and 17.1.0) and does not require authentication or user interaction, making it remotely exploitable by an attacker who can send crafted DNS queries to the affected virtual server. Although no public exploits have been reported yet, the potential for resource exhaustion poses a significant risk to the availability of network services relying on BIG-IP devices. The vulnerability does not impact confidentiality or integrity directly but can disrupt service availability. The CVSS 3.1 score of 7.5 reflects a network attack vector with low complexity and no privileges or user interaction required, emphasizing the threat's seriousness. No patches are currently linked, and versions that have reached End of Technical Support are not evaluated, so organizations should verify their version support status. The vulnerability highlights the importance of proper resource management and cleanup in DNS caching implementations within critical network infrastructure devices.
Potential Impact
The primary impact of CVE-2025-59781 is on the availability of F5 BIG-IP devices configured with DNS caching. By exploiting incomplete cleanup of DNS cache entries, an attacker can cause memory resource exhaustion, potentially leading to system slowdowns, crashes, or denial of service. This can disrupt critical network functions such as load balancing, application delivery, and security services that rely on BIG-IP devices. Organizations worldwide that depend on BIG-IP for managing traffic and securing applications may experience outages or degraded performance, affecting business continuity and user experience. The vulnerability does not compromise data confidentiality or integrity but can indirectly impact operational stability. Given the widespread deployment of F5 BIG-IP in enterprise, government, and service provider networks, the threat could have broad implications, especially in environments with high DNS query volumes or where DNS caching is heavily utilized. The ease of remote exploitation without authentication increases the risk of automated attacks targeting vulnerable devices.
Mitigation Recommendations
Organizations should immediately assess whether their F5 BIG-IP deployments are running affected versions (15.1.0, 16.1.0, or 17.1.0) with DNS cache enabled on virtual servers. If so, they should prioritize upgrading to a fixed version once available from F5 or apply any interim mitigations recommended by the vendor. In the absence of patches, administrators can consider disabling DNS caching on virtual servers if operationally feasible to prevent memory buildup. Monitoring memory utilization and DNS cache size on BIG-IP devices can help detect abnormal resource consumption early. Network-level controls such as rate limiting or filtering of DNS queries to BIG-IP virtual servers may reduce exposure to exploit attempts. Regularly reviewing device configurations and applying security best practices for BIG-IP management will also reduce risk. Finally, maintaining up-to-date inventory and patch management processes for critical infrastructure devices is essential to respond promptly to such vulnerabilities.
Affected Countries
United States, United Kingdom, Germany, France, Japan, Australia, Canada, Netherlands, South Korea, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:21.072Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99427d7577a180040cc
Added to database: 10/15/2025, 2:03:00 PM
Last enriched: 2/27/2026, 5:47:31 AM
Last updated: 3/25/2026, 1:41:18 AM