F5 Networks has revealed a new HTTP/2 vulnerability impacting several BIG-IP products, which could enable remote attackers to conduct denial-of-service attacks on corporate networks.
The flaw, tracked as CVE-2025-54500 and known as the "HTTP/2 MadeYouReset Attack," was announced on August 13, 2025, and updated on August 15.
The vulnerability exploits malformed HTTP/2 control frames to overwhelm systems and has been assigned a medium severity rating with CVSS scores of 5.3 (v3.1) and 6.9 (v4.0).
HTTP/2 Protocol Exploit Uncovered:
Security researchers have identified that attackers can use malformed HTTP/2 control frames to bypass the maximum concurrent streams limit, defeating a safeguard built into the protocol.
The technique allows remote, unauthenticated attackers to cause substantial increases in CPU usage, potentially leading to a complete denial of service on affected BIG-IP systems.
Key characteristics of this vulnerability include:
Attack Type: HTTP/2 MadeYouReset Attack using malformed control frames.
Authentication Required: None – remote, unauthenticated exploitation possible.
Primary Impact: CPU resource exhaustion leading to denial of service.
Classification: CWE-770 (Allocation of Resources Without Limits or Throttling).
Exposure Level: Data plane only, no control plane compromise.
F5 Internal IDs: 1937817 (BIG-IP), 1937817-5 (BIG-IP Next), 1937817-6 (Next SPK/CNF/K8s).
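The following is an added illustration, not F5's code or the researchers' proof of concept: a toy model of per-connection HTTP/2 stream bookkeeping. It shows why a concurrency cap alone does not bound the work a connection can generate when the server itself resets streams in response to malformed control frames, and why a per-connection budget for server-initiated resets (an assumed, illustrative mitigation, not F5's published fix) does. The limit values, the reset budget and the "work units" proxy for CPU are constructed for the example.

```python
from dataclasses import dataclass, field

MAX_CONCURRENT_STREAMS = 100  # constructed value for SETTINGS_MAX_CONCURRENT_STREAMS
RESET_BUDGET = 50             # constructed threshold: server-initiated resets tolerated per connection


@dataclass
class Connection:
    """Simplified server-side view of one HTTP/2 connection."""
    open_streams: set = field(default_factory=set)
    server_resets: int = 0    # resets the server was made to send
    work_units: int = 0       # requests dispatched to the backend (proxy for CPU cost)
    closed: bool = False

    def open_stream(self, stream_id: int) -> str:
        """Client opens a stream; the concurrency cap is enforced here."""
        if self.closed:
            return "closed"
        if len(self.open_streams) >= MAX_CONCURRENT_STREAMS:
            return "refused"
        self.open_streams.add(stream_id)
        self.work_units += 1      # the request has already been handed to the backend
        return "open"

    def malformed_control_frame(self, stream_id: int, mitigate: bool) -> None:
        """A malformed control frame on an open stream is a protocol error, so the
        server resets the stream itself; the slot is freed although the backend
        work for that request is not undone."""
        if stream_id not in self.open_streams:
            return
        self.open_streams.discard(stream_id)
        self.server_resets += 1
        # Illustrative mitigation: stop honouring a connection that keeps forcing resets.
        if mitigate and self.server_resets > RESET_BUDGET:
            self.closed = True


def simulate(requests: int, mitigate: bool) -> tuple[int, bool]:
    """Open a stream, have it reset by a malformed frame, repeat.
    Returns (backend work units scheduled, whether the connection was closed)."""
    conn = Connection()
    for stream_id in range(1, 2 * requests, 2):   # client streams use odd identifiers
        if conn.open_stream(stream_id) != "open":
            break
        conn.malformed_control_frame(stream_id, mitigate)
    return conn.work_units, conn.closed
```

Without the reset budget the concurrency cap never triggers, because each slot is freed before the next stream opens, so every request still reaches the backend; with the budget the connection is dropped shortly after the cap-sized burst.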
F5 Products Widely Affected:
The vulnerability affects an extensive range of F5 products, with BIG-IP systems bearing the brunt of the impact. Vulnerable versions include BIG-IP 17.x (versions 17.5.0-17.5.1 and 17.1.0-17.1.2), BIG-IP 16.x (versions 16.1.0-16.1.6), and BIG-IP 15.x (versions 15.1.0-15.1.10).
F5 has released engineering hotfixes for the 17.x and 16.x branches, specifically Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso and Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso for the 17.x series, and Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso for the 16.x series.
BIG-IP Next products are also affected, including version 20.3.0 and various SPK, CNF, and Kubernetes implementations.
However, several F5 products remain unaffected, including BIG-IQ Centralized Management, F5 Distributed Cloud services, NGINX products, F5OS systems, and F5 AI Gateway. F5 Silverline services are vulnerable only when HTTP/2-enabled proxy configurations are in use.
F5 strongly recommends immediate implementation of available hotfixes for affected systems, while acknowledging that engineering hotfixes do not undergo the extensive quality assurance testing of regular releases.
For organizations unable to immediately apply patches, F5 suggests several mitigation strategies. The primary recommendation is disabling HTTP/2 and reverting to HTTP where configurations allow this change.