VYPR
Unrated severityNVD Advisory· Published May 7, 2025· Updated May 8, 2025

BIG-IP HTTP/2 vulnerability

CVE-2025-36504

Description

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

5
  • F5, Inc./Big IPllm-fuzzy3 versions
    (expand)+ 2 more
    • (no CPE)
    • (no CPE)range: 17.1.0
    • (no CPE)range: 20.2.0
  • F5/BIG-IP Next CNFv5
    Range: 1.1.0
  • Range: 1.8.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.