CVE-2025-46405: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2025-46405 is a security vulnerability affecting BIG-IP APM virtual servers. The vulnerability was discovered and disclosed on August 13, 2025. When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate (NVD).

The vulnerability has been assigned a CVSS v4.0 base score of 8.7 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) and a CVSS v3.1 base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121) (NVD).

The primary impact of this vulnerability is on system availability, as it can cause the Traffic Management Microkernel (TMM) to terminate when specific conditions are met. This can lead to service disruption for systems using BIG-IP APM virtual servers with Network Access configuration (NVD).

F5 Networks has documented this vulnerability and provided information in their knowledge base. Software versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability (NVD, F5 Article).