CVE-2025-36557: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-36557 is a vulnerability affecting systems with HTTP profiles that have the Enforce RFC Compliance option configured on a virtual server. The vulnerability was discovered and disclosed in May 2025, affecting F5 Networks products. When exploited, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate (NVD, CVE).

The vulnerability has been assigned a CVSS v4.0 base score of 8.7 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L. In CVSS v3.1, it received a base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (NVD).

When successfully exploited, this vulnerability can cause the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption. The high CVSS scores indicate significant availability impact, though confidentiality and integrity are not affected (NVD).

F5 Networks has documented this vulnerability and provided mitigation guidance in their knowledge base. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability (F5 Article).