CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS

No CVSS.

References

Link	Resource
https://my.f5.com/manage/s/article/K000139571	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions::::::::
	cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes::::::::
	cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes::::::::

History

06 Aug 2025, 18:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
CWE	~~CWE-120~~
First Time		F5 big-ip Fraud Protection Service F5 big-ip Next Cloud-native Network Functions F5 big-ip Analytics F5 big-ip Advanced Firewall Manager F5 big-ip Access Policy Manager F5 F5 big-ip Global Traffic Manager F5 big-ip Domain Name System F5 big-ip Local Traffic Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Policy Enforcement Manager F5 big-ip Link Controller F5 big-ip Application Security Manager F5 big-ip Application Acceleration Manager
References	~~() https://my.f5.com/manage/s/article/K000139571 -~~	() https://my.f5.com/manage/s/article/K000139571 - Vendor Advisory

07 May 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 22:15

Updated : 2025-08-06 18:14

NVD link : CVE-2025-36557

Mitre link : CVE-2025-36557

JSON object : View

Products Affected

big-ip_local_traffic_manager
big-ip_global_traffic_manager
big-ip_application_acceleration_manager
big-ip_policy_enforcement_manager
big-ip_fraud_protection_service
big-ip_link_controller
big-ip_next_cloud-native_network_functions
big-ip_application_security_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_domain_name_system
big-ip_advanced_firewall_manager
big-ip_next_service_proxy_for_kubernetes

CWE

No CWE.

JSON object

Attach tags to CVE-2025-36557

Attach tags to `CVE-2025-36557`