CVE-2025-24326: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-24326 is a vulnerability affecting BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature. Discovered internally by F5 and disclosed on February 5, 2025, this vulnerability occurs when the BADoS TLS Signatures feature is configured, where undisclosed traffic can cause an increase in memory resource utilization (F5 Advisory).

The vulnerability has been classified as CWE-787: Out-of-bounds Write. It has received a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 score of 8.9 (High). The vulnerability specifically affects the admd (Anomaly detection used by BADoS protection) component (F5 Advisory).

The vulnerability can cause system performance degradation until the admd or Traffic Management Microkernel (TMM) processes are either forced to restart or are manually restarted. A remote, unauthenticated attacker can exploit this to cause a degradation of service leading to a denial-of-service (DoS) on the BIG-IP system. It is specifically a data plane issue with no control plane exposure (F5 Advisory).

F5 recommends configuring BIG-IP systems with high availability (HA) to minimize the vulnerability's impact. This includes configuring systems with HA clustering and configuring the HA table to take specific actions. For affected versions, users should upgrade to the fixed versions: 17.1.2 for 17.x branch, 16.1.5 for 16.x branch, and Hotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso for 15.x branch (F5 Advisory).