CVE-2025-52585: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This vulnerability has been assigned CVE-2025-52585 and was disclosed on August 13, 2025. The vulnerability affects BIG-IP versions 17.1.0, 16.1.0, and 15.1.0 (Rapid7 DB).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. It has received a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized by its network attack vector, low attack complexity, and requires no privileges or user interaction. The vulnerability specifically impacts availability while having no direct effect on confidentiality or integrity (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption. The vulnerability specifically affects the availability of the system while not impacting confidentiality or integrity (NVD).

Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. For affected systems, organizations should review their BIG-IP LTM Client SSL profile configurations, particularly focusing on SSL Forward Proxy and Anonymous Diffie-Hellman (ADH) cipher settings (F5 Networks).