Vulnerability DatabaseCVE-2025-41433

CVE-2025-41433:
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

Overview

A vulnerability identified as CVE-2025-41433 was disclosed on May 7, 2025, affecting F5 BIG-IP Virtual Edition systems. The issue occurs when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, where undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate (NVD, Wiz).

Technical details

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) and has been assigned a CVSS v4.0 base score of 8.7 (HIGH) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L. Additionally, it received a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, Wiz).

Impact

The vulnerability primarily affects system availability by causing the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed requests, which can result in service disruption (Wiz).

Mitigation and workarounds

Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. Users are advised to refer to F5 Networks' official security advisory for specific mitigation steps and information about affected versions (NVD, Wiz).

Additional resources

Source: This report was generated using AI

Related F5 BIG-IP Virtual Edition (tier - best) vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-52585	HIGH	8.7	F5 BIG-IP Virtual Edition (tier - best)	cpe:2.3:a:f5:big-ip_access_policy_manager	No	Yes	Aug 13, 2025
CVE-2025-46405	HIGH	8.7	F5 BIG-IP Virtual Edition (tier - best)	cpe:2.3:a:f5:big-ip_access_policy_manager	No	Yes	Aug 13, 2025
CVE-2025-41433	HIGH	8.7	F5 BIG-IP Virtual Edition (tier - best)	cpe:2.3:a:f5:big-ip_access_policy_manager	No	Yes	May 07, 2025
CVE-2025-41431	HIGH	8.7	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_access_policy_manager	No	Yes	May 07, 2025
CVE-2025-54500	MEDIUM	6.9	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_advanced_firewall_manager	No	Yes	Aug 13, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-41433: F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation