
CVE-2025-61935: CWE-252: Unchecked Return Value in F5 BIG-IP

Severity: High
Type: Vulnerability
Tags: CVE-2025-61935, cve, cve-2025-61935, cwe-252
Published: Wed Oct 15 2025 (10/15/2025, 15:19:46 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

CVE-2025-61935 is a high-severity vulnerability affecting F5 BIG-IP devices running versions 15.1.0, 17.1.0, and 17.5.0, specifically when an Advanced WAF or ASM security policy is configured on a virtual server. The vulnerability arises from an unchecked return value in the bd process, which can be triggered by specially crafted requests causing the process to terminate unexpectedly. This results in a denial of service (DoS) condition, impacting availability without compromising confidentiality or integrity. Exploitation requires no authentication or user interaction and can be performed remotely over the network.

AI-Powered Analysis

Last updated: 10/23/2025, 01:12:24 UTC

Technical Analysis

CVE-2025-61935 is a vulnerability identified in F5 BIG-IP devices, specifically versions 15.1.0, 17.1.0, and 17.5.0, which are widely used for application delivery and security. The issue stems from an unchecked return value in the bd process when an Advanced Web Application Firewall (WAF) or Application Security Manager (ASM) policy is configured on a virtual server. This unchecked return value can be exploited by sending crafted network requests that cause the bd process to terminate unexpectedly. The termination of this critical process leads to a denial of service (DoS) condition, disrupting the availability of the BIG-IP services. The vulnerability does not affect confidentiality or integrity, as it does not allow data leakage or unauthorized modification. The CVSS 3.1 base score is 7.5, reflecting high severity due to network attack vector, no required privileges or user interaction, and a direct impact on availability. No patches or mitigations have been officially released yet, and no known exploits are currently observed in the wild. The vulnerability highlights a classic CWE-252 issue, where failure to check a function's return value leads to instability. Organizations using BIG-IP with Advanced WAF or ASM policies should be aware of potential service interruptions and monitor their devices closely. Since the vulnerability affects supported versions, it is critical to prepare for patching once available and consider temporary mitigations such as restricting access to management interfaces and applying strict network segmentation.
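The CWE-252 pattern named above, as an added illustration that is not F5 code and not taken from the original page: a lookup helper can fail, one caller ignores that and terminates the process on a request missing the expected field, and the other caller reports the failure so the request can be rejected. The page does not describe the actual defect in bd; the helper, function names and sample requests here are hypothetical and constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a heap copy of the value of header `name`
 * in `req`, or NULL if the header is absent or allocation fails. */
static char *header_value(const char *req, const char *name)
{
    const char *p = strstr(req, name);
    if (p == NULL)
        return NULL;
    p += strlen(name);
    size_t len = strcspn(p, "\r\n");
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, p, len);
    out[len] = '\0';
    return out;
}

/* CWE-252: the return value is used without a check. A request lacking the
 * header makes strlen() dereference NULL and the process terminates. */
size_t host_length_unchecked(const char *req)
{
    char *host = header_value(req, "Host: ");
    size_t n = strlen(host);          /* crashes when host == NULL */
    free(host);
    return n;
}

/* Hardened: the failure is returned to the caller, which can reject the
 * single request instead of losing the whole process. */
int host_length_checked(const char *req, size_t *out_len)
{
    char *host = header_value(req, "Host: ");
    if (host == NULL)
        return -1;
    *out_len = strlen(host);
    free(host);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample requests: one with the header, one without. */
    int rc_ok = host_length_checked("GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", &n);
    int rc_bad = host_length_checked("GET / HTTP/1.1\r\n\r\n", &n);
    printf("with header: rc=%d len=%zu, without header: rc=%d\n", rc_ok, n, rc_bad);
    return 0;
}
```

Compiler and analyzer options that flag ignored or possibly-NULL return values (for example GCC's `-fanalyzer` or the `warn_unused_result` attribute) catch this class of defect at build time.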

Potential Impact

The primary impact of CVE-2025-61935 is a denial of service condition caused by the termination of the bd process on affected F5 BIG-IP devices. For European organizations, this can lead to significant service disruptions, especially for enterprises and government agencies relying on BIG-IP for load balancing, application delivery, and security enforcement. Critical sectors such as finance, telecommunications, healthcare, and public administration could experience outages affecting business continuity and service availability. The inability to process legitimate traffic or enforce security policies may also increase exposure to other threats during downtime. Although confidentiality and integrity are not directly compromised, the loss of availability can indirectly affect operational security and trust. The lack of known exploits in the wild currently reduces immediate risk, but the ease of exploitation (no authentication or user interaction required) means attackers could weaponize this vulnerability quickly once details become widespread. European organizations with high dependency on BIG-IP devices should prioritize risk assessment and incident response planning to mitigate potential operational impacts.

Mitigation Recommendations

1. Monitor BIG-IP devices for abnormal bd process crashes or service interruptions, using system logs and monitoring tools to detect early signs of exploitation.
2. Restrict network access to BIG-IP management and virtual server interfaces, employing network segmentation and firewall rules to limit exposure to untrusted networks.
3. Disable or carefully review Advanced WAF or ASM policies on virtual servers if feasible, to reduce the attack surface until patches are available.
4. Engage with F5 support and subscribe to security advisories to receive timely updates and patches addressing this vulnerability.
5. Prepare incident response plans that include rapid patch deployment and fallback procedures to minimize downtime in case of exploitation.
6. Conduct penetration testing and vulnerability assessments focused on BIG-IP configurations to identify and remediate potential weaknesses.
7. Consider deploying redundant BIG-IP devices or failover mechanisms to maintain service availability during potential DoS events.
8. Educate network and security teams about this vulnerability to ensure prompt detection and response.


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:38.002Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efbf6451297e5c13a0014f

Added to database: 10/15/2025, 3:36:04 PM

Last enriched: 10/23/2025, 1:12:24 AM

Last updated: 12/4/2025, 8:50:32 PM
