CVE-2025-58071: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

CVE-2025-58071 is a vulnerability affecting F5's BIG-IP systems when IPsec is configured, where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. The vulnerability was disclosed on October 15, 2025, affecting multiple BIG-IP product versions including BIG-IP (all modules), BIG-IP Next CNF, and BIG-IP Next for Kubernetes (NVD).

The vulnerability has been assigned a CVSS v4.0 score of 8.7 HIGH by F5 Networks with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N. Additionally, it received a CVSS v3.1 Base Score of 7.5 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-457 (Use of Uninitialized Variable) (NVD).

When exploited, this vulnerability can cause the Traffic Management Microkernel (TMM) to terminate on affected BIG-IP systems where IPsec is configured, potentially leading to service disruption (NVD).

F5 has released patches for affected systems and strongly urges customers to update their BIG-IP software as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued emergency directive (ED) 26-01 requiring federal agencies to inventory F5 deployments and apply patches by specific deadlines (Lansweeper).

The vulnerability disclosure came alongside F5's announcement of a security incident involving a nation-state threat actor who had maintained long-term access to their environment. This prompted immediate response from the security community and CISA's emergency directive, highlighting the severity of the situation (Tenable Blog).