CVE-2025-24497: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-24497 is a vulnerability affecting F5 Networks' BIG-IP Policy Enforcement Manager (PEM) systems. The vulnerability was discovered internally by F5 and disclosed on February 5, 2025. When URL categorization is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This vulnerability affects BIG-IP systems with PEM provisioned, URL categorization feature licensed, and virtual servers using URL categorization through iRule, Centralized Policy Matching rule, or BIG-IP PEM policy (F5 Advisory).

The vulnerability has been classified as CWE-125: Out-of-bounds Read. It received a CVSS v3.1 base score of 7.5 (High) and a CVSS v4.0 score of 8.7 (High). The vulnerability specifically affects BIG-IP PEM versions 17.1.0 through 17.1.1, with the fix introduced in version 17.1.2. The issue is limited to the data plane with no control plane exposure (F5 Advisory).

When exploited, this vulnerability causes traffic disruption while the TMM process restarts. It allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. The vulnerability specifically impacts systems where URL categorization is configured, which enables enforcement of policies configured as part of the subscriber profile based on URL category type (F5 Advisory).

F5 recommends configuring BIG-IP systems with high availability (HA) to lessen the vulnerability's impact. This includes configuring systems with HA clustering and configuring the HA table to take specific actions. For permanent remediation, users should upgrade to version 17.1.2 or later. Systems running versions that have reached End of Technical Support (EoTS) are not evaluated (F5 Advisory).