CVE-2025-41399: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. The vulnerability was discovered and assigned CVE-2025-41399, affecting F5 Networks products. The issue was disclosed on May 7, 2025 (NVD).

The vulnerability has received a CVSS v4.0 base score of 8.7 HIGH from F5 Networks with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L. Additionally, it has a CVSS v3.1 base score of 7.5 HIGH with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-404 (Improper Resource Shutdown or Release) (NVD).

The vulnerability can lead to increased memory resource utilization in systems where an SCTP profile is configured on a virtual server. This could potentially result in degraded system performance or denial of service conditions (NVD).

Software versions which have reached End of Technical Support (EoTS) are not evaluated. Users should ensure their systems are updated to the latest supported version (NVD).