CVE-2025-61974 is a vulnerability classified under CWE-401 (Missing Release of Memory after Effective Lifetime) affecting F5 BIG-IP versions 15.1.0, 16.1.0, 17.1.0, and 17.5.0. The flaw occurs specifically when a client SSL profile is configured on a virtual server. In this configuration, certain undisclosed requests can trigger a condition where memory allocated during processing is not properly released after its intended use, causing a gradual increase in memory consumption. This memory leak can lead to resource exhaustion, potentially resulting in denial of service (DoS) conditions where the BIG-IP device becomes unresponsive or crashes. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing its risk profile. The CVSS v3.1 score is 7.5 (high), reflecting the network attack vector, low attack complexity, no privileges required, and no user interaction needed, with impact primarily on availability. No public exploits have been reported yet, and software versions that have reached End of Technical Support are excluded from evaluation. The absence of patch links suggests that a fix may be pending or forthcoming from F5. This vulnerability is critical for organizations relying on BIG-IP devices for SSL termination, load balancing, and application delivery, as it can disrupt service availability and impact business continuity.

For European organizations, the primary impact of CVE-2025-61974 is the risk of denial of service caused by memory exhaustion on F5 BIG-IP devices. These devices are widely used in enterprise environments for secure application delivery, SSL offloading, and traffic management. An attacker exploiting this vulnerability can degrade or completely disrupt network services, impacting critical business applications and customer-facing services. This could lead to operational downtime, loss of productivity, and potential reputational damage. Sectors such as finance, telecommunications, healthcare, and government, which heavily rely on BIG-IP for secure and reliable network infrastructure, are particularly at risk. Additionally, the disruption of security functions like SSL inspection could expose organizations to further threats. The fact that exploitation requires no authentication and no user interaction increases the likelihood of automated attacks targeting exposed BIG-IP instances. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits following public disclosure. European organizations must consider the impact on availability and plan for rapid mitigation to maintain service continuity.

1. Monitor memory utilization on all F5 BIG-IP devices, especially those with client SSL profiles configured, to detect abnormal increases indicative of exploitation attempts. 2. Restrict network exposure of BIG-IP management and virtual server interfaces by implementing strict access controls and network segmentation, limiting access to trusted sources only. 3. Apply vendor patches or updates as soon as they become available; maintain close communication with F5 for patch release announcements. 4. Employ rate limiting and traffic filtering to reduce the volume of potentially malicious requests targeting vulnerable virtual servers. 5. Conduct regular configuration reviews to ensure client SSL profiles are only enabled where necessary and are configured securely. 6. Implement redundancy and failover mechanisms to minimize service disruption in case of device failure due to exploitation. 7. Incorporate this vulnerability into incident response plans to enable rapid detection and remediation. 8. Use intrusion detection/prevention systems (IDS/IPS) to identify and block suspicious traffic patterns that may exploit this memory leak. These steps go beyond generic advice by focusing on proactive monitoring, network hardening, and operational readiness tailored to the specific nature of this vulnerability.