Description
When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Metrics
- Vector
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-404
Metadata
- Primary Vendor
- F5
- Published
- 10/15/2025
- Last Modified
- 10/21/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
f5 : big-ip_access_policy_managerf5 : big-ip_access_policy_managerf5 : big-ip_access_policy_managerf5 : big-ip_access_policy_managerf5 : big-ip_ssl_orchestratorf5 : big-ip_ssl_orchestratorf5 : big-ip_ssl_orchestratorf5 : big-ip_ssl_orchestrator
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.