Tuesday, June 23, 2026
HTTP/2

F5 Fixes HTTP/2 Vuln Enabling Massive DoS Attacks

F5 Networks has revealed a new HTTP/2 vulnerability impacting several BIG-IP products, which could enable remote attackers to conduct denial-of-service attacks on corporate networks.

The security flaw, tracked as CVE-2025-54500 and known as the “HTTP/2 MadeYouReset Attack,” was announced on August 13, 2025, with updates on August 15.

The vulnerability exploits malformed HTTP/2 control frames to overwhelm systems and has been assigned a medium severity rating with CVSS scores of 5.3 (v3.1) and 6.9 (v4.0).

HTTP/2 Protocol Exploit Uncovered:

Security researchers have identified that attackers can use malformed HTTP/2 control frames to get around the maximum concurrent streams limit, effectively bypassing a built-in protocol safeguard.

The attack method allows remote, unauthenticated attackers to cause substantial increases in CPU usage, potentially leading to complete denial of service on affected BIG-IP systems.

Key characteristics of this vulnerability include:

Attack Type: HTTP/2 MadeYouReset Attack using malformed control frames.
Authentication Required: None – remote, unauthenticated exploitation possible.
Primary Impact: CPU resource exhaustion leading to denial of service.
Classification: CWE-770 (Allocation of Resources Without Limits or Throttling).
Exposure Level: Data plane only, no control plane compromise.
F5 Internal IDs: 1937817 (BIG-IP), 1937817-5 (BIG-IP Next), 1937817-6 (Next SPK/CNF/K8s).
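To make the CWE-770 point concrete from the defender's side, here is an added example (not code from F5, the advisory, or this article) of a small per-connection stream-accounting model. It shows why a limit that only counts streams the client currently holds open never trips when each stream is torn down by a server-side reset, and how an assumed per-connection budget on server-initiated resets closes that gap. The frame-event shapes, the thresholds (100 concurrent streams, a budget of 50 resets) and the sample event sequences are all constructed for illustration and are not values from the page.

```python
"""Per-connection HTTP/2 stream accounting with a budget for server-caused resets.

Added illustration, not F5 code. Event tuples are ("headers" | "end" | "malformed",
stream_id); a "malformed" event stands for any control frame the server must
answer with a stream reset (a protocol error on that stream).
"""
from dataclasses import dataclass, field
from typing import Iterable, Iterator, Optional, Tuple

MAX_CONCURRENT_STREAMS = 100  # assumed advertised SETTINGS_MAX_CONCURRENT_STREAMS

Event = Tuple[str, int]


@dataclass
class ConnectionGuard:
    # Assumed tolerance for resets the server itself is forced to send per
    # connection; None reproduces the naive accounting that only counts open streams.
    reset_budget: Optional[int] = 50
    open_streams: set = field(default_factory=set)
    server_resets: int = 0
    closed: bool = False
    reason: str = ""

    def _close(self, reason: str) -> None:
        self.closed = True
        self.reason = reason
        self.open_streams.clear()

    def on_headers(self, stream_id: int) -> bool:
        """Client opened a stream: enforce the advertised concurrency limit."""
        if self.closed:
            return False
        if len(self.open_streams) >= MAX_CONCURRENT_STREAMS:
            self._close("max_concurrent_streams exceeded")
            return False
        self.open_streams.add(stream_id)
        return True

    def on_end(self, stream_id: int) -> None:
        """Normal completion: the stream simply stops counting."""
        self.open_streams.discard(stream_id)

    def on_protocol_error(self, stream_id: int) -> bool:
        """The server must reset the stream, so it leaves the open set at once;
        the client may open another while backend work for this one continues.
        Counting these resets against a budget restores a bound on that work."""
        if self.closed:
            return False
        self.open_streams.discard(stream_id)
        self.server_resets += 1
        if self.reset_budget is not None and self.server_resets > self.reset_budget:
            self._close("server-initiated reset budget exceeded")
            return False
        return True


def simulate(events: Iterable[Event], guard: ConnectionGuard) -> Tuple[int, int, bool, str]:
    """Feed events through the guard; return (peak open streams, server resets, closed, reason)."""
    peak = 0
    for kind, sid in events:
        if kind == "headers":
            guard.on_headers(sid)
        elif kind == "end":
            guard.on_end(sid)
        elif kind == "malformed":
            guard.on_protocol_error(sid)
        else:
            raise ValueError(f"unknown event kind {kind!r}")
        peak = max(peak, len(guard.open_streams))
    return peak, guard.server_resets, guard.closed, guard.reason


def reset_churn(n: int) -> Iterator[Event]:
    """Constructed sequence: each stream is opened and then torn down by a server reset."""
    for i in range(n):
        sid = 2 * i + 1
        yield ("headers", sid)
        yield ("malformed", sid)


def normal_traffic(n: int) -> Iterator[Event]:
    """Constructed sequence: n streams opened concurrently, then completed normally."""
    ids = [2 * i + 1 for i in range(n)]
    for sid in ids:
        yield ("headers", sid)
    for sid in ids:
        yield ("end", sid)


if __name__ == "__main__":
    print("naive accounting:", simulate(reset_churn(300), ConnectionGuard(reset_budget=None)))
    print("with reset budget:", simulate(reset_churn(300), ConnectionGuard(reset_budget=50)))
    print("normal traffic:", simulate(normal_traffic(20), ConnectionGuard(reset_budget=50)))
```

With the naive guard, 300 reset cycles never push the open-stream count above 1, so the concurrency limit is never reached and the connection stays open; with the budget, the connection is closed after the 51st server-caused reset while ordinary traffic that opens 20 streams and completes them is untouched. The budget value is a tuning decision for the deployment, not a number from the advisory.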

F5 Products Widely Affected:

The vulnerability affects an extensive range of F5 products, with BIG-IP systems bearing the brunt of the impact. Vulnerable versions include BIG-IP 17.x (versions 17.5.0-17.5.1 and 17.1.0-17.1.2), BIG-IP 16.x (versions 16.1.0-16.1.6), and BIG-IP 15.x (versions 15.1.0-15.1.10).

F5 has released engineering hotfixes for the 17.x and 16.x branches, specifically Hotfix-BIGIP-17.5.1.0.80.7-ENG.iso and Hotfix-BIGIP-17.1.2.2.0.259.12-ENG.iso for the 17.x series, and Hotfix-BIGIP-16.1.6.0.27.3-ENG.iso for the 16.x series.

BIG-IP Next products are also affected, including versions 20.3.0 and various SPK, CNF, and Kubernetes implementations.

However, several F5 products remain unaffected, including BIG-IQ Centralized Management, F5 Distributed Cloud services, NGINX products, F5OS systems, and F5 AI Gateway. F5 Silverline services are vulnerable only when HTTP/2-enabled proxy configurations are in use.

F5 strongly recommends immediate implementation of available hotfixes for affected systems, while acknowledging that engineering hotfixes do not undergo the extensive quality assurance testing of regular releases.

For organizations unable to immediately apply patches, F5 suggests several mitigation strategies. The primary recommendation is disabling HTTP/2 and reverting to HTTP where configurations allow this change.
