PT-2025-5728 · F5 · Application Level Gateway Mode+1
Published
2025-02-05
·
Updated
2025-02-05
·
CVE-2025-20045
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
No specific software name is mentioned, but based on the context, it appears to be related to a product from a company like F5, given the mention of terms like "Traffic Management Microkernel (TMM)" and "Application Level Gateway mode (ALG)".
Affected versions are not specified.
Description:
The issue arises when a SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled, along with a SIP router ALG profile, is configured on a Message Routing type virtual server. This configuration can lead to the termination of the Traffic Management Microkernel (TMM) due to undisclosed traffic. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Application Level Gateway Mode
Traffic Management Microkernel