vulnerability

F5 Networks: CVE-2025-47148: K000148816: BIG-IP APM and SSL Orchestrator vulnerability CVE-2025-47148

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Oct 16, 2025	Oct 16, 2025	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Oct 16, 2025

Added

Oct 16, 2025

Modified

Oct 16, 2025

Description

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.

Solution

f5-big-ip-upgrade-latest

References

CVE-2025-47148
https://attackerkb.com/topics/CVE-2025-47148
CWE-404
URL-https://my.f5.com/manage/s/article/K000148816

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today