What is the severity of CVE-2025-24497?

CVE-2025-24497 is classified as a severe vulnerability due to the potential for the Traffic Management Microkernel to terminate unexpectedly.

How do I fix CVE-2025-24497?

To mitigate CVE-2025-24497, you should upgrade F5 BIG-IP (PEM) to the latest version that addresses this vulnerability.

Which versions of F5 BIG-IP (PEM) are affected by CVE-2025-24497?

F5 BIG-IP (PEM) versions 17.1.0 to 17.1.2 are affected by CVE-2025-24497.

What impact does CVE-2025-24497 have on F5 BIG-IP (PEM) systems?

CVE-2025-24497 can lead to the termination of the Traffic Management Microkernel, causing disruptions in traffic management services.

Is URL categorization related to CVE-2025-24497?

Yes, URL categorization is a configuration setting on the virtual server that, when improperly configured, can trigger the vulnerability CVE-2025-24497.

Vulnerability/
CVE-2025-24497

high

8.7

CWE

125

EPSS

0.043%

5/2/2025

12/2/2025

CVE-2025-24497: BIG-IP PEM vulnerability

First published: Wed Feb 05 2025(Updated: )

When URL categorization is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Policy Enforcement Manager	>=17.1.0<=17.1.1	17.1.2
F5 BIG-IP Policy Enforcement Manager

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K000140920

Frequently Asked Questions

What is the severity of CVE-2025-24497?
CVE-2025-24497 is classified as a severe vulnerability due to the potential for the Traffic Management Microkernel to terminate unexpectedly.
How do I fix CVE-2025-24497?
To mitigate CVE-2025-24497, you should upgrade F5 BIG-IP (PEM) to the latest version that addresses this vulnerability.
Which versions of F5 BIG-IP (PEM) are affected by CVE-2025-24497?
F5 BIG-IP (PEM) versions 17.1.0 to 17.1.2 are affected by CVE-2025-24497.
What impact does CVE-2025-24497 have on F5 BIG-IP (PEM) systems?
CVE-2025-24497 can lead to the termination of the Traffic Management Microkernel, causing disruptions in traffic management services.
Is URL categorization related to CVE-2025-24497?
Yes, URL categorization is a configuration setting on the virtual server that, when improperly configured, can trigger the vulnerability CVE-2025-24497.

collector/f5-advisory
source/F5
alias/CVE-2025-24497
agent/software-canonical-lookup
agent/references
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/type
agent/description
agent/weakness
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/source
agent/last-modified-date
agent/tags
agent/event
vendor/f5
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/17.1.0
version/f5 big-ip policy enforcement manager/17.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.