
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-22846 is a vulnerability discovered in F5 BIG-IP systems that affects the Session Initiation Protocol (SIP) application layer gateway (ALG) functionality. The vulnerability was disclosed on February 5, 2025. When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate (F5 Advisory).
The vulnerability has been classified as CWE-404: Improper Resource Shutdown or Release. It has received a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 score of 8.7 (High). The issue affects the data plane only, with no control plane exposure. The vulnerability specifically impacts Message Routing type virtual servers that have both SIP Session and Router ALG profiles configured (F5 Advisory).
When exploited, this vulnerability causes the Traffic Management Microkernel (TMM) to terminate, resulting in traffic disruption while the TMM process restarts. This allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition on the BIG-IP system (F5 Advisory).
F5 recommends configuring BIG-IP systems for high availability (HA) to minimize the vulnerability's impact. This includes setting up device service clustering and configuring the HA table for specific actions. For permanent remediation, users should upgrade to a fixed version: 17.1.2 for the 17.x branch, 16.1.5 for the 16.x branch, and hotfix BIGIP-15.1.10.6.0.11.6-ENG.iso for the 15.1.x branch (F5 Advisory).
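The exposure condition and fixed releases described above can be checked against an exported configuration. The following is an added example, not code from F5 or from this database: it flags virtual servers that reference both a SIP session and a SIP router profile and compares a version string with the fixed releases named on this page. The tmsh-style stanza layout, the object names, and the function names are assumptions made for illustration, and the check does not confirm that a flagged virtual server is of the Message Routing type.

```python
# Constructed sample in a tmsh-style stanza layout (assumed, not from the advisory).
SAMPLE_CONFIG = """\
ltm message-routing sip profile session /Common/sip_sess_a { }
ltm message-routing sip profile router /Common/sip_rtr_a { }
ltm virtual /Common/vs_sip_alg {
    profiles {
        /Common/sip_sess_a { }
        /Common/sip_rtr_a { }
    }
}
ltm virtual /Common/vs_sip_session_only {
    profiles {
        /Common/sip_sess_a { }
    }
}
"""
SESSION = "ltm message-routing sip profile session"
ROUTER = "ltm message-routing sip profile router"
FIXED = {17: (17, 1, 2), 16: (16, 1, 5)}  # fixed releases named on this page

def stanzas(text):
    """Split the config into (type, name, body_lines) per top-level stanza."""
    out = []
    for line in text.splitlines():
        if line and not line[0].isspace() and line != "}":
            kind, name = line.rstrip("{} ").rsplit(" ", 1)
            out.append((kind, name, []))
        elif out:
            out[-1][2].append(line.strip().rstrip("{} "))
    return out

def exposed_virtuals(text):
    """Virtual servers that reference both a SIP session and a SIP router profile."""
    parsed = stanzas(text)
    session = {n for k, n, _ in parsed if k == SESSION}
    router = {n for k, n, _ in parsed if k == ROUTER}
    return [n for k, n, body in parsed
            if k == "ltm virtual" and session & set(body) and router & set(body)]

def predates_fix(version):
    """True/False for 17.x and 16.x; None where this page gives no fixed release number."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[0])
    return None if fixed is None else parts < fixed

if __name__ == "__main__":
    print(exposed_virtuals(SAMPLE_CONFIG), predates_fix("17.1.1"))
```

For the 15.1.x branch the page names only a hotfix, so the version string alone cannot show whether the fix is installed and `predates_fix` returns `None`.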
Source: This report was generated using AI