Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-54500
PUBLISHED
More InfoOfficial Page
Assigner-f5
Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
View Known Exploited Vulnerability (KEV) details
Published At-13 Aug, 2025 | 14:46
Updated At-13 Aug, 2025 | 15:26
Rejected At-
▼CVE Numbering Authority (CNA)
HTTP/2 Vulnerability

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Products
Vendor
F5, Inc.F5
Product
BIG-IP
Modules
  • All Modules
  • HTTP/2 enabled virtual server
Default Status
unknown
Versions
Affected
  • From 17.5.0 before * (custom)
  • From 17.1.0 before * (custom)
  • From 16.1.0 before * (custom)
  • From 15.1.0 before * (custom)
Vendor
F5, Inc.F5
Product
BIG-IP Next
Modules
  • HTTP/2 enabled virtual server
Default Status
unknown
Versions
Affected
  • From 20.3.0 before * (custom)
Vendor
F5, Inc.F5
Product
BIG-IP Next SPK
Modules
  • F5SPKIngressHTTP2 Custom Resource
Default Status
unknown
Versions
Affected
  • From 2.0.0 before * (custom)
  • From 1.7.0 before * (custom)
Vendor
F5, Inc.F5
Product
BIG-IP Next CNF
Modules
  • F5SPKIngressHTTP2 Custom Resource
Default Status
unknown
Versions
Affected
  • From 2.0.0 before * (custom)
  • From 1.1.0 before * (custom)
Vendor
F5, Inc.F5
Product
BIG-IP Next for Kubernetes
Modules
  • F5SPKIngressHTTP2 Custom Resource
Default Status
unknown
Versions
Affected
  • From 2.0.0 before * (custom)
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
F5 acknowledges Gal Bar Nahum, Anat Bremler-Barr and Yaniv Harel for bringing this issue to our attention and following the highest standards of coordinated disclosure.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://my.f5.com/manage/s/article/K000152001
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found