CVE-2025-41414: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. This vulnerability is tracked as CVE-2025-41414 and was published on May 7, 2025. The vulnerability affects F5 systems with HTTP/2 client and server profiles configured (NVD Database).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. It has received a CVSS v4.0 Base Score of 8.7 (HIGH) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L, and a CVSS v3.1 Base Score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD Database).

The vulnerability can cause the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption. The high CVSS scores indicate significant impact on system availability, though there are no direct impacts on confidentiality or integrity (NVD Database).

Software versions which have reached End of Technical Support (EoTS) are not evaluated. For specific mitigation steps and patches, affected users should consult F5's official security advisory (F5 Article).