Thursday, May 1, 2025

F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks


A recently disclosed vulnerability in F5’s BIG-IP systems has raised alarm within the cybersecurity community.

The flaw, designated CVE-2025-21091, enables remote attackers to exploit SNMP configuration issues, potentially leading to Denial-of-Service (DoS) attacks on affected systems.

This vulnerability, which carries a CVSS v4.0 score of 8.7 (High), impacts the control plane of BIG-IP systems.


F5 has issued a security advisory regarding the issue, urging administrators to take immediate action to mitigate the risks.

Details of CVE-2025-21091

The vulnerability arises when SNMP v1 or v2c is disabled on a BIG-IP system. Under these circumstances, unspecified requests can cause increased memory usage on the system.

If left unaddressed, these memory resources may become fully consumed, degrading system performance until the snmpd process is manually or automatically restarted. This opens the door for remote, unauthenticated attackers to launch a DoS attack.

The issue affects the control plane of the BIG-IP system, which may, in turn, impact traffic handling on the data plane.

In essence, attackers could disrupt the operation of critical network and application traffic infrastructure.

F5 has classified this vulnerability under CWE-401: Missing Release of Memory after Effective Lifetime, highlighting the underlying memory management flaw.

Impacted Products and Fixes

The affected BIG-IP versions include:

  • 17.x: Vulnerable versions range from 17.1.0 to 17.1.1, with the fix available in version 17.1.2.
  • 16.x: Vulnerable versions range from 16.1.0 to 16.1.5, fixed via Hotfix-BIGIP-16.1.5.2.0.7.5-ENG.iso.
  • 15.x: Vulnerable versions range from 15.1.0 to 15.1.10, fixed via Hotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso.

For other F5 products such as F5OS, NGINX, and Distributed Cloud services, this vulnerability does not pose a threat.

Administrators of vulnerable BIG-IP systems are advised to:

  1. Enable SNMP: Re-enable SNMP v1/v2c on their systems, as this reduces exposure to the vulnerability.
    • Use the following commands via TMOS Shell (tmsh):

        modify sys snmp snmpv2c enable
        modify sys snmp snmpv1 enable
        save /sys config

  2. Restrict SNMP access to trusted management interfaces using firewall rules.
  3. Implement High Availability (HA): Configure BIG-IP systems in HA clustering mode to minimize the impact of potential disruptions.
  4. Apply Updates: Upgrade to the fixed versions listed in the security advisory as soon as possible.
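
To prioritise that work across a fleet, the sketch below is an added example (not F5's tooling and not part of the original article) that combines the version ranges listed above with the stated trigger condition, SNMP v1 or v2c disabled. The hostnames and inventory records are constructed, and treating any later release in the same major branch as fixed is an assumption.

```python
# Added example: triage a BIG-IP inventory against the CVE-2025-21091 ranges
# listed in the article. Inventory records and hostnames are constructed.

# major branch -> (first vulnerable version, first fixed version / hotfix build)
BRANCHES = {
    17: ((17, 1, 0), (17, 1, 2)),
    16: ((16, 1, 0), (16, 1, 5, 2, 0, 7, 5)),    # Hotfix-BIGIP-16.1.5.2.0.7.5-ENG
    15: ((15, 1, 0), (15, 1, 10, 6, 0, 11, 6)),  # Hotfix-BIGIP-15.1.10.6.0.11.6-ENG
}

def parse_version(text):
    """'16.1.5.2.0.7.5' -> (16, 1, 5, 2, 0, 7, 5); raises ValueError on junk."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (3 - len(parts))  # pad short strings such as '17.1'
    return tuple(parts)

def triage(version, snmpv1_enabled, snmpv2c_enabled):
    """Classify one device from its version and SNMP v1/v2c state."""
    v = parse_version(version)
    branch = BRANCHES.get(v[0])
    if branch is None or v < branch[0]:
        return "not-listed"  # outside the ranges the article gives
    # Assumption: anything at or above the fix in the same branch is fixed.
    if v >= branch[1]:
        return "fixed"
    # Per the article, the leak is reachable when SNMP v1 or v2c is disabled.
    if snmpv1_enabled and snmpv2c_enabled:
        return "vulnerable-build-mitigated"  # workaround applied, update pending
    return "vulnerable-exposed"

INVENTORY = [  # constructed sample records
    {"host": "bigip-a.example", "version": "17.1.1", "snmpv1": False, "snmpv2c": False},
    {"host": "bigip-b.example", "version": "16.1.5", "snmpv1": True, "snmpv2c": True},
    {"host": "bigip-c.example", "version": "15.1.10.6.0.11.6", "snmpv1": False, "snmpv2c": True},
    {"host": "bigip-d.example", "version": "16.1.5.1", "snmpv1": True, "snmpv2c": False},
]

def report(inventory):
    """Map each host to its triage status."""
    return {d["host"]: triage(d["version"], d["snmpv1"], d["snmpv2c"]) for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:18} {status}")
```

Devices reported as vulnerable-build-mitigated still need the fixed release or hotfix; the SNMP setting only removes the stated trigger condition.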

Detected internally by F5, this vulnerability serves as a reminder of the importance of routine security checks and prompt patching.

Organizations relying on BIG-IP systems should immediately assess their deployments, implement mitigations, and apply the necessary updates to secure their infrastructure.




Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
