CVE-2025-55036: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. The vulnerability, tracked as CVE-2025-55036, was disclosed on October 15, 2025, affecting BIG-IP SSL Orchestrator versions from 15.1.0 to 15.1.10.8, 16.1.0 to 16.1.6, and 17.1.0 to 17.1.3 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH and a CVSS v4.0 score of 8.7 HIGH. The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network-accessible, requires low attack complexity, needs no privileges or user interaction, and primarily impacts system availability. The weakness has been categorized as CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability primarily affects system availability with no direct impact on confidentiality or integrity. When successfully exploited, it can cause memory corruption in the BIG-IP SSL Orchestrator when processing certain undisclosed traffic patterns through the explicit forward proxy configuration (NVD).

F5 has released patches for affected versions and strongly recommends updating BIG-IP software as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued emergency directive (ED) 26-01 recommending immediate application of all available updates and hardening of public-facing BIG-IP devices (Tenable Blog).

The vulnerability disclosure coincided with F5's announcement of a security incident involving a nation-state threat actor who had gained access to their systems between August and October 2025. This has heightened industry concern and led to CISA issuing an emergency directive for federal agencies (Tenable Blog).