Details of VAR-202510-1106

ID

VAR-202510-1106

CVE

CVE-2025-55036

TITLE

F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-25372

DESCRIPTION

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An attacker could exploit this vulnerability to cause system performance degradation, ultimately forcing or manually restarting the Traffic Management Microkernel (TMM) process, resulting in a denial of service (DoS)

Trust: 1.44

sources: NVD: CVE-2025-55036 // CNVD: CNVD-2025-25372

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-25372

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	16.1.6	Trust: 1.0
vendor:	f5	model:	big-ip	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	ssl orchestrator	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-25372 // NVD: CVE-2025-55036

CVSS

SEVERITY

CVSSV2

CVSSV3

f5sirt@f5.com:	CVE-2025-55036
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-25372
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-25372
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

f5sirt@f5.com:	CVE-2025-55036
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-25372 // NVD: CVE-2025-55036

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2025-55036

PATCH

title:

Patch for F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/744131

Trust: 0.6

sources: CNVD: CNVD-2025-25372

EXTERNAL IDS

db:	NVD	id:	CVE-2025-55036	Trust: 1.6
db:	CNVD	id:	CNVD-2025-25372	Trust: 0.6

sources: CNVD: CNVD-2025-25372 // NVD: CVE-2025-55036

REFERENCES

url:	https://my.f5.com/manage/s/article/k000151368	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-55036	Trust: 0.6

sources: CNVD: CNVD-2025-25372 // NVD: CVE-2025-55036

SOURCES

db:	CNVD	id:	CNVD-2025-25372
db:	NVD	id:	CVE-2025-55036

LAST UPDATE DATE

2025-11-19T23:21:10.304000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-25372	date:	2025-10-27T00:00:00
db:	NVD	id:	CVE-2025-55036	date:	2025-10-21T20:08:11.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-25372	date:	2025-10-21T00:00:00
db:	NVD	id:	CVE-2025-55036	date:	2025-10-15T14:15:51.293