CVE-2025-36557: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-36557 is a vulnerability affecting F5 Networks products, specifically systems with HTTP profiles that have the Enforce RFC Compliance option configured on a virtual server. The vulnerability was discovered and disclosed in May 2025. When exploited, this vulnerability allows undisclosed requests to cause the Traffic Management Microkernel (TMM) to terminate. It's important to note that software versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability (NVD, Wiz).

The vulnerability has been classified as CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). It has received a CVSS v4.0 base score of 8.7 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L. In CVSS v3.1, it was assigned a base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, Wiz).

When successfully exploited, this vulnerability can lead to the termination of the Traffic Management Microkernel (TMM), potentially resulting in service disruption. The high CVSS scores indicate significant availability impact, although confidentiality and integrity are not affected (Wiz).

F5 Networks has documented this vulnerability and provided mitigation guidance in their knowledge base. Detailed mitigation steps are available in the F5 article K000139571 (F5 Article).