CVE-2025-41433: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This vulnerability has been assigned CVE-2025-41433 and was disclosed on May 7, 2025 (NVD).

The vulnerability has been assigned a CVSS v4.0 base score of 8.7 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L) and CVSS v3.1 base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability is classified as a NULL Pointer Dereference (CWE-476) (NVD).

The vulnerability affects the availability of the system by causing the Traffic Management Microkernel (TMM) to terminate when processing certain undisclosed requests. This can lead to service disruption (NVD).

Software versions which have reached End of Technical Support (EoTS) are not evaluated. Users should refer to F5 Networks' official security advisory for specific mitigation steps and affected versions (F5 Article).