Which versions of Big Ip Advanced Web Application Firewall are affected by CVE-2025-21091?

CVE-2025-21091 presents significant security risk rated CVSS 8.7. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

How to fix or mitigate CVE-2025-21091?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Big Ip Advanced Web Application Firewall CVE-2025-21091

Q: What is the CVSS score of CVE-2025-21091?

CVE-2025-21091 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.6%.

HIGH

Memory Leak (CWE-401)

2025-02-05 f5sirt@f5.com

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager Big Ip Container Ingress Services Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager Big Ip Application Visibility And Reporting Big Ip Automation Toolchain Big Ip Carrier Grade Nat Big Ip Ddos Hybrid Defender Big Ip Domain Name System Big Ip Edge Gateway Big Ip Fraud Protection Service Big Ip Global Traffic Manager Big Ip Link Controller Big Ip Local Traffic Manager Big Ip Policy Enforcement Manager Big Ip Ssl Orchestrator Big Ip Webaccelerator Big Ip Websafe

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:25 vuln.today

CVE Published

Feb 05, 2025 - 18:15 nvd

HIGH 8.7

DescriptionNVD

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

AnalysisAI

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Advanced Web Application Firewall, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

CVE-2025-21091 vulnerability details – vuln.today

Back

Big Ip Advanced Web Application Firewall CVE-2025-21091

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Big Ip Advanced Web Application Firewall CVE-2025-21091

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code