CVE-2025-55669
HIGHDescription
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Is your site exposed to CVE-2025-55669?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_security_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-55669? +
How severe is CVE-2025-55669? +
What products are affected by CVE-2025-55669? +
How do I check if I'm vulnerable to CVE-2025-55669? +
Related Vulnerabilities
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided …
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial …
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that …
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP …
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain …