
CVE-2025-61960: CWE-476 NULL Pointer Dereference in F5 BIG-IP

Severity: High
Type: Vulnerability
Tags: CVE-2025-61960, cve, cve-2025-61960, cwe-476
Published: Wed Oct 15 2025 (10/15/2025, 13:55:54 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

CVE-2025-61960 is a high-severity vulnerability in F5 BIG-IP devices affecting versions 16.1.0, 17.1.0, and 17.5.0. It involves a NULL pointer dereference (CWE-476) triggered when a per-request policy is configured on a BIG-IP APM portal access virtual server. Exploiting this vulnerability causes the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service. The vulnerability can be exploited remotely without authentication or user interaction, making it particularly dangerous.

AI-Powered Analysis

Last updated: 10/23/2025, 01:13:44 UTC

Technical Analysis

CVE-2025-61960 is a vulnerability identified in F5 Networks' BIG-IP product, specifically affecting versions 16.1.0, 17.1.0, and 17.5.0. The flaw is a NULL pointer dereference (CWE-476) that occurs when a per-request policy is configured on a BIG-IP Access Policy Manager (APM) portal access virtual server. Under certain undisclosed traffic conditions, this vulnerability causes the Traffic Management Microkernel (TMM) component to crash or terminate unexpectedly. The TMM is a critical component responsible for processing and managing network traffic on BIG-IP devices. Its termination results in a denial of service (DoS) condition, disrupting the availability of services relying on the BIG-IP device. The vulnerability can be triggered remotely without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Although no public exploits have been reported yet, the high CVSS score of 7.5 reflects the significant risk posed by this flaw. The vulnerability does not impact confidentiality or integrity directly but severely affects availability. The vendor has not yet released patches or mitigations, and versions that have reached End of Technical Support (EoTS) are excluded from evaluation. Organizations using BIG-IP APM with per-request policies should be aware of this vulnerability and prepare to respond promptly once patches become available.

Potential Impact

For European organizations, the primary impact of CVE-2025-61960 is the potential for denial of service on critical network infrastructure. BIG-IP devices are widely used in Europe for load balancing, secure remote access, and application delivery, especially in sectors such as finance, telecommunications, government, and critical infrastructure. A successful exploitation could cause service outages, disrupting business operations and potentially leading to financial losses and reputational damage. The lack of authentication and user interaction requirements increases the risk of automated or widespread attacks. Additionally, organizations relying on BIG-IP APM for secure portal access may experience interruptions in user authentication and access management, affecting employee productivity and customer access. Although no data breach or integrity compromise is indicated, the availability impact alone can have cascading effects on dependent services and compliance with service-level agreements (SLAs). The absence of known exploits provides a window for proactive mitigation, but the high severity demands urgent attention.

Mitigation Recommendations

1. Immediately review and audit BIG-IP APM configurations, focusing on virtual servers with per-request policies enabled.
2. Restrict network exposure of vulnerable BIG-IP virtual servers by implementing strict firewall rules and network segmentation to limit access to trusted sources only.
3. Monitor BIG-IP device logs and network traffic for unusual patterns or crashes related to TMM termination.
4. Prepare incident response plans to quickly detect and recover from potential denial of service events caused by this vulnerability.
5. Engage with F5 Networks support and subscribe to their security advisories to receive timely patch releases and updates.
6. Consider deploying redundant BIG-IP devices or failover mechanisms to maintain service continuity during potential attacks or crashes.
7. Evaluate alternative access methods or temporary configuration changes that reduce reliance on per-request policies until a patch is available.
8. Conduct internal awareness training for network and security teams about this vulnerability and its impact to ensure rapid response capability.


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-03T23:04:43.592Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efa99527d7577a180040f0

Added to database: 10/15/2025, 2:03:01 PM

Last enriched: 10/23/2025, 1:13:44 AM

Last updated: 12/4/2025, 1:08:33 PM
