Unrated severityNVD Advisory· Published Oct 15, 2025· Updated Feb 26, 2026

BIG-IP APM and SSL Orchestrator vulnerability

CVE-2025-47148

Description

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

F5/BIG-IPv5
Range: 17.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

my.f5.com/manage/s/article/K000148816mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000