CVE-2024-25560 | TMM Vulnerability

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: 2024-05-08 Last update: 2025-10-21 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2024-25560 is rated Moderate Risk (49.9/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.36%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-25560

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 0.64% 0.36% -0.28%
2 2025-11-18 0.36% 0.64% +0.28%
3 2025-10-22 0.36%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-25560

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 3.6 [email protected]

Weakness enumeration for CVE-2024-25560

Affected software / configurations for CVE-2024-25560

Vendor Product Version Raw CPE
f5 big-ip_access_policy_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_web_application_firewall >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5 big-ip_analytics >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_security_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_visibility_and_reporting >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
f5 big-ip_automation_toolchain >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*
f5 big-ip_carrier-grade_nat >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
f5 big-ip_container_ingress_services >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*
f5 big-ip_ddos_hybrid_defender >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5 big-ip_domain_name_system >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5 big-ip_edge_gateway >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
f5 big-ip_fraud_protection_service >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_link_controller >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
f5 big-ip_ssl_orchestrator >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
f5 big-ip_webaccelerator >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
f5 big-ip_websafe >= 15.1.0, < 15.1.10.8 cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
f5 big-ip_access_policy_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_web_application_firewall >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5 big-ip_analytics >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_security_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_visibility_and_reporting >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
f5 big-ip_automation_toolchain >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*
f5 big-ip_carrier-grade_nat >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
f5 big-ip_container_ingress_services >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*
f5 big-ip_ddos_hybrid_defender >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5 big-ip_domain_name_system >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5 big-ip_edge_gateway >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
f5 big-ip_fraud_protection_service >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_link_controller >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
f5 big-ip_ssl_orchestrator >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
f5 big-ip_webaccelerator >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
f5 big-ip_websafe >= 16.1.0, < 16.1.4 cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
f5 big-ip_access_policy_manager 17.1.0 cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager 17.1.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_advanced_web_application_firewall 17.1.0 cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*
f5 big-ip_analytics 17.1.0 cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager 17.1.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_security_manager 17.1.0 cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_visibility_and_reporting 17.1.0 cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*
f5 big-ip_automation_toolchain 17.1.0 cpe:2.3:a:f5:big-ip_automation_toolchain:17.1.0:*:*:*:*:*:*:*
f5 big-ip_carrier-grade_nat 17.1.0 cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*
f5 big-ip_container_ingress_services 17.1.0 cpe:2.3:a:f5:big-ip_container_ingress_services:17.1.0:*:*:*:*:*:*:*
f5 big-ip_ddos_hybrid_defender 17.1.0 cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*
f5 big-ip_domain_name_system 17.1.0 cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*
f5 big-ip_edge_gateway 17.1.0 cpe:2.3:a:f5:big-ip_edge_gateway:17.1.0:*:*:*:*:*:*:*
f5 big-ip_fraud_protection_service 17.1.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager 17.1.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_link_controller 17.1.0 cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager 17.1.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager 17.1.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_ssl_orchestrator 17.1.0 cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*
f5 big-ip_webaccelerator 17.1.0 cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*
f5 big-ip_websafe 17.1.0 cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*
f5 big-ip_next_cloud-native_network_functions >= 1.1.0, < 1.2.0 cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*

References for CVE-2024-25560

cvelogic Threat Intelligence