CVE-2025-47148
BIG-IP APM and SSL Orchestrator vulnerability
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.Β Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| CWE | CWE-404 |
| Vendor | f5 |
| Product | big-ip |
| Published | Oct 15, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for f5 big-ip
Be the first to know when new medium vulnerabilities affecting f5 big-ip are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
F5 / BIG-IP
17.5.0 < 17.5.1 17.1.0 < 17.1.3 16.1.0 < 16.1.6.1 15.1.0 < 15.1.10.8
References
Credits
F5