CVE-2025-61960: CWE-476 NULL Pointer Dereference in F5 BIG-IP
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
CVE-2025-61960 is a vulnerability identified in F5 Networks' BIG-IP product, specifically affecting versions 16.1.0, 17.1.0, and 17.5.0. The issue stems from a NULL pointer dereference (CWE-476) within the Traffic Management Microkernel (TMM) component. This occurs when a per-request policy is configured on a BIG-IP Access Policy Manager (APM) portal access virtual server. Under certain undisclosed traffic conditions, the TMM attempts to access a NULL pointer, causing the process to terminate unexpectedly. This termination leads to a denial of service (DoS) condition, disrupting the availability of the BIG-IP system and potentially impacting all services relying on it. The vulnerability can be triggered remotely without requiring any authentication or user interaction, increasing the risk of exploitation. The CVSS v3.1 base score is 7.5, reflecting a high severity primarily due to the ease of exploitation and the impact on availability. No confidentiality or integrity impacts are associated with this vulnerability. Software versions that have reached End of Technical Support (EoTS) are not evaluated, so they should not be assumed to be unaffected, and no public exploits have been reported to date. The lack of patch links suggests that fixes may be forthcoming or that users should monitor F5 advisories closely. The vulnerability highlights the criticality of the TMM component in managing traffic and enforcing policies, making its stability essential for network security and service continuity.
Potential Impact
The primary impact of CVE-2025-61960 is a denial of service condition caused by the termination of the Traffic Management Microkernel (TMM) process. This can lead to service outages for organizations relying on F5 BIG-IP devices for application delivery, load balancing, and access management. Since BIG-IP devices are often deployed in critical network infrastructure, including enterprise data centers, cloud environments, and service provider networks, the disruption can affect a wide range of services and users. The vulnerability does not compromise confidentiality or integrity, but the loss of availability can result in significant operational and financial consequences, including downtime for business-critical applications, degraded user experience, and potential cascading failures in dependent systems. The ease of remote exploitation without authentication increases the risk of automated attacks or exploitation by opportunistic threat actors. Organizations with per-request policies configured on BIG-IP APM portals are particularly vulnerable, and the impact could be more severe in environments with high traffic volumes or complex policy configurations.
Mitigation Recommendations
To mitigate CVE-2025-61960, organizations should first review their BIG-IP configurations to identify if per-request policies are enabled on APM portal access virtual servers. If such policies are not essential, consider disabling them temporarily until patches are available. Monitor BIG-IP system logs and TMM process health closely for signs of unexpected termination or crashes. Implement network-level protections such as rate limiting and traffic filtering to reduce exposure to potentially malformed or undisclosed traffic patterns that could trigger the vulnerability. Stay informed by subscribing to F5 security advisories and promptly apply vendor-released patches or updates once they become available. In environments where patching cannot be immediate, consider deploying redundant BIG-IP devices or failover mechanisms to maintain service availability. Additionally, conduct regular backups of BIG-IP configurations and ensure incident response plans include procedures for rapid recovery from TMM process failures. Engage with F5 support for guidance and potential workarounds specific to your deployment.
Affected Countries
United States, United Kingdom, Germany, France, Japan, Australia, Canada, Netherlands, Singapore, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:43.592Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99527d7577a180040f0
Added to database: 10/15/2025, 2:03:01 PM
Last enriched: 2/27/2026, 6:06:18 AM
Last updated: 3/25/2026, 1:24:46 AM