Unrated severityNVD Advisory· Published Aug 13, 2025· Updated Nov 3, 2025

HTTP/2 Vulnerability

CVE-2025-54500

Description

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

F5/BIG-IPv5
Range: 17.5.0
F5/BIG-IP Nextv5
Range: 20.3.0
F5/BIG-IP Next CNFv5
Range: 2.0.0
F5/BIG-IP Next for Kubernetesv5
Range: 2.0.0
F5/BIG-IP Next SPKv5
Range: 2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

my.f5.com/manage/s/article/K000152001mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000