F5 Fixes HTTP/2 Flaw Affecting Multiple Products in Massive DoS Attacks
F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow attackers to launch denial-of-service attacks against enterprise networks.
The vulnerability, designated CVE-2025-54500 and published on August 13, 2025, stems from a flaw in the HTTP/2 implementation that enables malicious actors to overwhelm systems using specially crafted control frames, potentially disrupting critical network infrastructure for organizations worldwide.
New Attack Targets HTTP/2 Protocol
The newly identified vulnerability, known as the “HTTP/2 MadeYouReset Attack,” represents a significant security concern for organizations relying on F5’s BIG-IP systems for load balancing and application delivery.
The attack uses malformed HTTP/2 control frames to break the maximum concurrent streams limit, allowing remote, unauthenticated attackers to cause substantial increases in CPU usage that can lead to a complete denial of service.
F5’s security advisory classifies this vulnerability under CWE-770: Allocation of Resources Without Limits or Throttling ...
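A defender's view of the resource-accounting gap described above, as an added example that is not code from F5 or from the original article. It assumes a simplified model in which a stream reset after a malformed control frame frees its protocol slot while its request work is still in flight; the event names, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict

MAX_CONCURRENT_STREAMS = 4   # constructed value standing in for the advertised limit
MAX_ERROR_RESETS = 3         # assumed per-connection budget for error-triggered resets

def analyze(events):
    """events: iterable of (conn_id, kind, stream_id) tuples.

    kind is one of the hypothetical labels "open", "error_reset" (stream reset
    after a malformed control frame) or "work_done" (request work finished).
    Returns {conn_id: {"findings", "peak_open", "peak_in_flight"}}.
    """
    protocol_open = defaultdict(set)   # streams the protocol layer counts as open
    in_flight = defaultdict(set)       # requests still consuming CPU behind the proxy
    error_resets = defaultdict(int)
    report = {}
    for conn, kind, sid in events:
        r = report.setdefault(
            conn, {"findings": set(), "peak_open": 0, "peak_in_flight": 0})
        if kind == "open":
            protocol_open[conn].add(sid)
            in_flight[conn].add(sid)
        elif kind == "error_reset":
            # The slot is released, so the stream limit no longer sees this
            # stream, but its work has not finished (model assumption).
            protocol_open[conn].discard(sid)
            error_resets[conn] += 1
        elif kind == "work_done":
            protocol_open[conn].discard(sid)
            in_flight[conn].discard(sid)
        r["peak_open"] = max(r["peak_open"], len(protocol_open[conn]))
        r["peak_in_flight"] = max(r["peak_in_flight"], len(in_flight[conn]))
        # Throttle on real work and on reset rate, not only on open streams.
        if len(in_flight[conn]) > MAX_CONCURRENT_STREAMS:
            r["findings"].add("in_flight_work_exceeds_stream_limit")
        if error_resets[conn] > MAX_ERROR_RESETS:
            r["findings"].add("error_reset_budget_exceeded")
    for r in report.values():
        r["findings"] = sorted(r["findings"])
    return report

# Constructed sample: connection A behaves normally; connection B opens six
# streams and each one is reset after a malformed control frame.
SAMPLE_EVENTS = [("A", "open", s) for s in (1, 3, 5)]
SAMPLE_EVENTS += [("A", "work_done", s) for s in (1, 3, 5)]
for s in range(1, 12, 2):
    SAMPLE_EVENTS += [("B", "open", s), ("B", "error_reset", s)]

if __name__ == "__main__":
    for conn, result in analyze(SAMPLE_EVENTS).items():
        print(conn, result)
```

On connection B the protocol-level count never rises above one open stream, so a limit enforced only on that counter is never reached, while the in-flight work and the reset count both cross their thresholds.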
Copyright of this story solely belongs to gbhackers.