F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks

A recently disclosed vulnerability in F5’s BIG-IP systems has raised alarm within the cybersecurity community.

The flaw, designated CVE-2025-21091, enables remote attackers to exploit SNMP configuration issues, potentially leading to Denial-of-Service (DoS) attacks on affected systems.

This vulnerability, which carries a CVSS v4.0 score of 8.7 (High), impacts the control plane of BIG-IP systems.

F5 has issued a security advisory regarding the issue, urging administrators to take immediate action to mitigate the risks.

Details of CVE-2025-21091

The vulnerability arises when SNMP v1 or v2c is disabled on a BIG-IP system. Under these circumstances, unspecified requests can cause increased memory usage on the system.

If left unaddressed, these memory resources may become fully consumed, degrading system performance until the snmpd process is manually or automatically restarted. This opens the door for remote, unauthenticated attackers to launch a DoS attack.

The issue affects the control plane of the BIG-IP system, which may, in turn, impact traffic handling on the data plane.

In essence, attackers could disrupt the operation of critical network and application traffic infrastructure.

F5 has classified this vulnerability under CWE-401: Missing Release of Memory after Effective Lifetime, highlighting the underlying memory management flaw.

Impacted Products and Fixes

The affected BIG-IP versions include:

• 17.x: Vulnerable versions range from 17.1.0 to 17.1.1, with the fix available in version 17.1.2.
• 16.x: Vulnerable versions range from 16.1.0 to 16.1.5, fixed via Hotfix-BIGIP-16.1.5.2.0.7.5-ENG.iso.
• 15.x: Vulnerable versions range from 15.1.0 to 15.1.10, fixed via Hotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso.

For other F5 products such as F5OS, NGINX, and Distributed Cloud services, this vulnerability does not pose a threat.

Administrators of vulnerable BIG-IP systems are advised to:

1. Enable SNMP: Re-enable SNMP v1/v2c on their systems, as this reduces exposure to the vulnerability.
   • Use the following commands via TMOS Shell (tmsh):

modify sys snmp snmpv2c enable

modify sys snmp snmpv1 enable

save /sys config

1. Restrict SNMP access to trusted management interfaces using firewall rules.
2. Implement High Availability (HA): Configure BIG-IP systems in HA clustering mode to minimize the impact of potential disruptions.
3. Apply Updates: Upgrade to the fixed versions listed in the security advisory as soon as possible.

Detected internally by F5, this vulnerability serves as a reminder of the importance of routine security checks and prompt patching.

Organizations relying on BIG-IP systems should immediately assess their deployments, implement mitigations, and apply the necessary updates to secure their infrastructure.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free