CVE-2025-20045: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-20045 is a vulnerability affecting BIG-IP systems when SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server. The vulnerability was discovered internally by F5 and disclosed on February 5, 2025 (F5 Advisory).

The vulnerability is classified as CWE-476: NULL Pointer Dereference. It has received a CVSS v3.1 base score of 7.5 (HIGH) and CVSS v4.0 score of 8.7 (HIGH). The vulnerability affects BIG-IP versions 15.1.0-15.1.10, 16.1.0-16.1.4, and 17.1.0-17.1.1. The issue is specific to the data plane with no control plane exposure (F5 Advisory).

When exploited, this vulnerability causes the Traffic Management Microkernel (TMM) to terminate, resulting in traffic disruption while the TMM process restarts. The vulnerability allows an unauthenticated remote attacker to cause a denial-of-service (DoS) on the BIG-IP system (F5 Advisory).

F5 has released fixes in versions 17.1.2, 16.1.5, and hotfix BIGIP-15.1.10.6.0.11.6-ENG.iso for affected systems. For systems without immediate update capability, F5 recommends configuring BIG-IP systems with high availability (HA) clustering to minimize the vulnerability's impact. Additionally, configuring the HA table to take specific actions can help mitigate the issue (F5 Advisory).