fkie_cve-2025-54500
Vulnerability from fkie_nvd
Published
2025-08-13 15:15
Modified
2025-10-21 19:26
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K000152001 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A0C1CA-EDEF-463F-B7C8-8B9E67239FC1",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6538FBFE-AE3F-41DC-BE48-8A2444DE1F39",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDAF78A-6C2B-4640-93DD-524A0D9D80CE",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEC05AA-EB63-4A34-94E8-81606329BA75",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3007970-0661-4CAC-91A6-363396ED3B41",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2450DC77-B46C-4886-AC9A-CF78B1EC4F06",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8BC9B56-DC91-4312-9A37-0892E1DCC97D",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C25C2C-608A-432F-B49C-CED71150801C",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D77245-3641-49B9-BC32-472D460E5C1F",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37AF1DFD-AE86-4F64-9941-75FAA0186ED8",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87D1615C-6A97-4530-8E3A-92141B6EECD8",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "787649F6-17ED-4EFE-9C48-8318FEB941E7",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "268F789C-AC21-4CE9-9000-8E8B5CB38D2F",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A04C923A-BBBC-4C4A-A653-B14C2CCEF3D9",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1DE6647-EC65-46DB-BE41-826C0BE3CBF4",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA96598-3D9C-43CB-9BE1-95878894FDE2",
"versionEndExcluding": "15.1.1.0.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5E3508-3BD2-4275-A654-B379EB95A5C2",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB854FAF-E3B8-4D94-8346-57B73D5B95FE",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40B87228-F144-41C7-ACD8-1168CC5C57F3",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC86368-6FD4-4232-9E33-8B14B783C6C9",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96451762-2663-4773-BA48-CD437150C827",
"versionEndExcluding": "15.1.10.8",
"versionStartIncluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6494E2A7-1473-46C0-97F8-90827D9466AA",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56128695-2B01-4B7D-AC5F-DCDFCFE28BD6",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025BE711-822D-4840-920C-E8636DA97738",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28A7BB-AC00-4AB0-94CE-798890A6EA01",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E36153D6-A0AF-41DA-B99F-ACD3333D5092",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A23DB2A-FB60-4DA3-A7CD-D714BE1BDFBD",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9F00EE-50B8-4B4F-BACB-F0599EBEE946",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00A47522-6E92-4441-9B88-223863F06061",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C3778D-1F87-40AD-9163-883CEC3C1712",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D17FD44-D4DB-40FC-8A0D-018EE6650975",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92891C8E-D1E2-4128-9C3E-95DD922760F2",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1381CA01-0A3D-4027-8B2D-DA773F0F2447",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC3076-EA5C-4D18-943A-E5574FEEAE05",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72789BAC-8984-4364-857C-E6050F35DACD",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A63DAF65-3864-4979-8AB5-A415DEE43527",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17A49B38-5E69-4288-8D3B-468C7B32EC4B",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4CCE82-6E33-4448-899E-3938E9F26364",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE263046-0C37-4DEC-A2BD-9056534F497D",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7829108D-71A4-4F91-81F6-804E9EB1AE9D",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE79228D-BD43-4ADF-A36F-88DA748D83A2",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE6EAF28-5EEF-4333-A911-37DB84419B75",
"versionEndExcluding": "16.1.6.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D35435-27A7-4A88-9432-1F5AB0112B8C",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0875AD2C-37BC-4341-8686-8F15221CD3BB",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F0ED03-65CE-461B-97CE-ECBE2D290A5C",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A652DA50-7493-4803-9435-071713351C01",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B24E3BE-8A62-4819-B63C-01EE10E6160F",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B67C5E-38F3-4431-852C-AE4AD01A02B1",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5560B775-1D1A-4B91-BF73-8214C54E0136",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "906CD1AE-2519-4B02-A68A-E2B26F557A3F",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DDBA8-2BAA-45CF-ADDB-E0CD29EFCD69",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "513C9F9C-E60A-40A4-B905-3273534099B5",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0F0A9D-1B7E-4271-B309-64399AC7DD89",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FCD3CE8-D69D-4F00-BE0D-7AF4F1C04DDA",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C71682-BEF8-4916-AEA3-C6B73229BC7D",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "750E4A9F-92CE-49F2-B961-518FCC2E977D",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A5E22E-BC34-428B-8230-7950FEA1F426",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B999CDBD-69FD-402E-9DA3-AA2BAE36E0C3",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6EB345-1978-44BA-9FFD-B1F0F98E8424",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC05F0A-F5BC-4924-955E-E7B2B1ADDFD6",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4503795E-1956-40E5-A4AA-096D5CE35197",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A56769-FA74-408E-BEE3-9308FE77D91E",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1DA3DB-754B-4CB1-9970-8FE24F8904D7",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640F84C6-0361-4D2E-AE78-B6673A3348C2",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60F7DB59-2F2B-4AC7-B058-2DB7C9C4DE87",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E58BC2B-2656-415C-8091-84C0777BA3A8",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E70B13-F29C-45AA-87CD-96AF990A524C",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08F52E7-6764-49FE-99D9-E22D1517D98D",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4685C82-B428-406D-917A-9A7D6167C848",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D39B6C5A-1E70-4152-A2A3-EB651F3EF511",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3428C746-89F5-499B-99E3-E7F9A04AA6E5",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "827B18BF-818E-42DB-A8F5-B3DA845EB658",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B0EAA3-305E-4472-A391-84A50EB35999",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F5003F-A341-4C95-B402-1C0AF5530039",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB0BBF-5D03-46CB-A02F-D05D98CD35AB",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "022E0278-5754-4C93-9B54-1BAB3948A534",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20880A1E-DA66-478B-9549-C942BD411056",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581B1484-C457-4C11-B43A-DCF49EBC07DA",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B83DCDA-EC83-4C3B-9311-F2634AF88C96",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A52583A0-7F8A-4B20-9C92-677FD176FFE4",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F8EC1F-1246-4472-BFFC-906B53755EF3",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB901CA-EF5B-437C-BDE0-65117E086B8E",
"versionEndExcluding": "17.1.3",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E69736C-9BDE-43E4-B08F-AD478C070E10",
"versionEndExcluding": "17.5.1.2",
"versionStartIncluding": "17.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:20.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65FEE3F8-D6C1-4F0D-B2F5-0FD95012CD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3222CE1A-3C23-40FC-9331-370F6BA1CDCC",
"versionEndIncluding": "1.4.1",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07177D8A-5A8A-4836-A969-3104E43CCEDF",
"versionEndIncluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_for_kubernetes:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9960E8-26E9-48E2-A398-7076A8B994DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7328B4-B7E0-460E-8270-116FE813FB23",
"versionEndIncluding": "1.9.2",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF803740-BAB5-43F9-8D69-A5E9081F8077",
"versionEndIncluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:silverline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797F92AF-DF2E-4045-BCEB-4168FFD5E538",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "Una falla en la implementaci\u00f3n de HTTP/2 permite una denegaci\u00f3n de servicio (DoS) que utiliza marcos de control HTTP/2 malformados para superar el l\u00edmite m\u00e1ximo de transmisiones concurrentes (ataque HTTP/2 MadeYouReset). Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
}
],
"id": "CVE-2025-54500",
"lastModified": "2025-10-21T19:26:45.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2025-08-13T15:15:38.547",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000152001"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "f5sirt@f5.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…