F5 VELOS F5OS-C Partition Control Plane: CVE-2025-59778 Resource Allocation Vulnerability – Brief Summary

This post provides a brief summary of CVE-2025-59778, a resource allocation vulnerability affecting F5 VELOS F5OS-C partition control planes with the Allowed IP Addresses feature enabled. It covers affected versions, technical details, and vendor security context based on available advisories and technical documentation.
CVE Analysis

8 min read

ZeroPath CVE Analysis

2025-10-15

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Unexpected loss of management access and cascading service failures in F5 VELOS environments can disrupt both operational visibility and application delivery. CVE-2025-59778 highlights a critical resource allocation flaw in the F5OS-C partition control plane, specifically when the Allowed IP Addresses feature is enabled. This vulnerability allows certain network traffic to cause multiple containers to terminate, resulting in denial of service for partition management and potentially affecting tenant workloads.

About F5 VELOS and F5OS-C: F5 Networks is a leading provider of application delivery and network infrastructure solutions, with a global customer base spanning enterprises, service providers, and government. The VELOS platform is F5's modular, chassis-based system designed for high-performance, multi-tenant environments. F5OS-C is the containerized operating system powering VELOS partitions, offering advanced management and automation features.

Technical Information

CVE-2025-59778 is rooted in improper resource allocation within the F5OS-C partition control plane when the Allowed IP Addresses feature is configured. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). When specific, undisclosed network traffic is processed by the partition control plane, the validation logic for Allowed IP Addresses fails to properly throttle or limit resource usage. This leads to excessive consumption of system resources, ultimately causing multiple containers within the partition to terminate. The result is a denial of service for management interfaces (CLI, GUI, API) and potential disruption of tenant applications that rely on partition-level services. The exact nature of the triggering traffic is not disclosed in public advisories, likely to prevent immediate exploitation.

Affected Systems and Versions

  • Product: F5 VELOS F5OS-C
  • Affected versions:
    • 1.6.0 through all 1.6.x releases
    • 1.8.0 through 1.8.1
  • Only systems where the Allowed IP Addresses feature is configured on the partition control plane are vulnerable
  • Systems running versions that have reached End of Technical Support (EoTS) are not evaluated
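To turn the version list above into a repeatable fleet check, the following added example (not from the advisory or from F5) encodes the two affected ranges and the "Allowed IP Addresses configured" precondition, then flags matching partitions from an inventory. The inventory rows are constructed sample data; how you export partition versions and feature state from your own tooling is assumed to happen elsewhere.

```python
"""Fleet triage for CVE-2025-59778 (added example, not vendor code).

A partition is flagged only when BOTH conditions from the advisory summary hold:
  1. its F5OS-C version falls in a listed affected range, and
  2. the Allowed IP Addresses feature is configured on its control plane.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the summary: (low inclusive, high inclusive).
# high=None means the whole major.minor line starting at `low` (all 1.6.x releases).
AFFECTED_RANGES: List[Tuple[Version, Optional[Version]]] = [
    ((1, 6, 0), None),         # 1.6.0 through all 1.6.x releases
    ((1, 8, 0), (1, 8, 1)),    # 1.8.0 through 1.8.1
]


def parse_version(text: str) -> Version:
    """Normalise strings such as '1.8.1' or '1.8.1-5' to a (major, minor, patch) tuple.

    A '-suffix' (build identifier) is dropped; missing components are padded with 0;
    components beyond the third are ignored for range comparison.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts][:3]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def version_in_range(version: Version, low: Version, high: Optional[Version]) -> bool:
    """Inclusive range test; an open-ended range covers only low's major.minor line."""
    if version < low:
        return False
    if high is None:
        return version[:2] == low[:2]
    return version <= high


def is_listed_affected(version_text: str, allowed_ips_configured: bool) -> bool:
    """True only if the version is in a listed range AND the feature precondition holds.

    False means 'not listed as affected here', not 'known safe': versions outside the
    ranges (including End of Technical Support releases) were not evaluated.
    """
    if not allowed_ips_configured:
        return False
    version = parse_version(version_text)
    return any(version_in_range(version, lo, hi) for lo, hi in AFFECTED_RANGES)


# Constructed inventory rows: (partition name, F5OS-C version, Allowed IP Addresses configured)
SAMPLE_INVENTORY = [
    ("part-a", "1.6.2", True),     # 1.6.x line, feature on  -> flagged
    ("part-b", "1.8.1-5", True),   # upper bound of 1.8 range -> flagged
    ("part-c", "1.8.1", False),    # feature not configured    -> not flagged
    ("part-d", "1.8.2", True),     # outside listed ranges     -> not flagged
    ("part-e", "1.5.1", True),     # below listed ranges       -> not flagged
]


def triage(inventory) -> List[str]:
    """Return the names of partitions that match the advisory's affected conditions."""
    return [name for name, ver, cfg in inventory if is_listed_affected(ver, cfg)]


if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: in listed affected range with Allowed IP Addresses configured")
```

The check deliberately returns a plain "listed/not listed" verdict: a partition on a version outside both ranges is not cleared by this script, because the advisory did not evaluate those releases.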

Vendor Security History

F5 Networks has a track record of responsible vulnerability disclosure and timely patch releases, including quarterly security notifications and detailed advisories. Previous vulnerabilities in F5OS and BIG-IP products have included resource exhaustion, authentication bypass, and remote code execution issues. The shift to containerized architectures in F5OS-C has introduced new security challenges, as reflected in recent advisories.
