
CVE-2025-61990: CWE-415 Double Free in F5 BIG-IP

Severity: High
Type: Vulnerability
Tags: CVE-2025-61990, cve, cve-2025-61990, cwe-415
Published: Wed Oct 15 2025 (10/15/2025, 15:19:52 UTC)
Source: CVE Database V5
Vendor/Project: F5
Product: BIG-IP

Description

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AI-Powered Analysis

Last updated: 10/15/2025, 15:37:19 UTC

Technical Analysis

CVE-2025-61990 is a vulnerability classified as CWE-415 (Double Free) in the Traffic Management Microkernel (TMM) component of F5 Networks' BIG-IP product line. The issue specifically affects multi-bladed BIG-IP platforms configured with more than one blade. A double free occurs when software frees the same memory location twice, which can corrupt the memory allocator's data structures. In this case, certain undisclosed network traffic can trigger the condition, causing the TMM process to terminate unexpectedly. Because TMM is responsible for managing network traffic and load balancing, its termination results in a denial of service (DoS) condition that disrupts network availability.

The vulnerability affects multiple major versions of BIG-IP (15.1.0, 16.1.0, 17.1.0, and 17.5.0), all of which are currently supported. The CVSS v3.1 base score is 7.5, indicating high severity: the attack vector is the network, attack complexity is low, no privileges or user interaction are required, and the impact is on availability only, with no effect on confidentiality or integrity. No public exploits or patches have been disclosed at the time of publication, but the vulnerability is officially published and should be addressed promptly. The root cause is a memory management flaw in TMM's handling of traffic on multi-bladed systems, which are often deployed in high-throughput environments requiring robust traffic management and security functions.

Potential Impact

For European organizations, the impact of CVE-2025-61990 can be substantial, especially for those relying on F5 BIG-IP devices for critical network functions such as load balancing, application delivery, and security enforcement. The denial of service caused by TMM termination can lead to network outages, degraded application performance, and disruption of business operations. This is particularly critical for sectors like finance, telecommunications, healthcare, and government services, where network availability is paramount. Because the vulnerability is remotely exploitable without authentication, the risk of exploitation by external threat actors, including cybercriminals and nation-state actors, is increased. Although no known exploits are currently active, the public disclosure may prompt attackers to develop exploits, increasing the urgency of mitigation. Organizations operating multi-bladed BIG-IP platforms must consider the risk of service interruptions and potential cascading effects on dependent systems and services. Additionally, European regulatory requirements around service availability and incident reporting may impose further operational and compliance burdens if the vulnerability is exploited.

Mitigation Recommendations

To mitigate CVE-2025-61990, European organizations should first verify whether their BIG-IP deployments use multi-bladed platforms and run affected versions (15.1.0, 16.1.0, 17.1.0, or 17.5.0). Immediate steps include:

1) Apply vendor-provided patches or updates once available.
2) If patches are not yet released, consider temporarily disabling multi-blade configurations or isolating affected devices from untrusted networks to reduce exposure.
3) Implement network-level protections such as strict ingress filtering and traffic anomaly detection to block or alert on suspicious traffic patterns that might trigger the vulnerability.
4) Monitor BIG-IP system logs and network traffic for unusual TMM terminations or crashes.
5) Engage with F5 support for guidance and early access to fixes or workarounds.
6) Review and update incident response plans to handle potential denial of service scenarios related to this vulnerability.
7) Test patches thoroughly in controlled environments before deployment to avoid operational disruptions.
8) Maintain up-to-date asset inventories and configuration management to quickly identify affected systems.

These targeted actions go beyond generic advice by focusing on the specific multi-blade architecture and the nature of the vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: f5
Date Reserved: 2025-10-06T23:17:24.141Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68efbf6451297e5c13a00152

Added to database: 10/15/2025, 3:36:04 PM

Last enriched: 10/15/2025, 3:37:19 PM

Last updated: 10/15/2025, 6:03:17 PM
