CVE-2025-22891: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-22891 affects BIG-IP PEM Control Plane listener Virtual Server when configured with Diameter Endpoint profile. The vulnerability was discovered and disclosed on February 5, 2025, impacting BIG-IP versions 17.1.0-17.1.1, 16.1.0-16.1.4, and 15.1.0-15.1.10. The issue allows undisclosed traffic to cause the Virtual Server to stop processing new client connections and increase memory resource utilization (F5 Advisory).

The vulnerability has been classified as CWE-401: Missing Release of Memory after Effective Lifetime. It has received a CVSS v3.1 score of 7.5 (High) and CVSS v4.0 score of 8.7 (High). The vulnerability specifically affects the Control Plane Listener virtual server when configured with Diameter Endpoint profile, and is a data plane issue with no control plane exposure (F5 Advisory).

The vulnerability can cause system performance degradation until the Traffic Management Microkernel (TMM) process is either forced to restart or manually restarted. It disrupts traffic for new client connections and allows remote unauthenticated attackers to cause a denial-of-service (DoS) on the BIG-IP system specific to the PEM control and data plane virtual servers. Additionally, management operations of BIG-IP PEM may not work, such as deletion of existing PEM subscribers, though existing PEM provisioned connections and other traffic are not immediately disrupted (F5 Advisory).

As a temporary workaround, administrators can restart the TMM process to recover traffic processing and management. F5 recommends configuring BIG-IP systems with High Availability (HA) to lessen the impact. For permanent remediation, users should upgrade to version 17.1.2 for 17.x branch, 16.1.5 for 16.x branch, or apply hotfix BIGIP-15.1.10.6.0.11.6-ENG.iso for 15.x branch (F5 Advisory).