
CVE-2022-35240: High Vulnerability in F5 BIG-IP

A high-severity vulnerability in F5 BIG-IP could lead to increased memory resource utilization. Organizations are urged to prioritize patching affected versions immediately to mitigate risks.

Severity: High · CVSS 7.5 · Published August 4, 2022

CVE-2022-35240 is a high-severity vulnerability affecting F5 BIG-IP products. Specifically, this vulnerability allows for an increase in memory resource utilization when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server. The affected versions include BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5. Organizations should be aware that software versions that have reached End of Technical Support (EoTS) are not evaluated and thus may be vulnerable.

With a CVSS score of 7.5, the risk to organizations includes potential service interruptions due to excessive memory consumption. Attackers may leverage this vulnerability to induce denial-of-service conditions, impacting the availability of critical services. Given the nature of the vulnerability and its potential impact, organizations should prioritize patching immediately.

The vulnerability was published on August 4, 2022, and remains relevant as organizations continue to use affected versions of BIG-IP products. The urgency for defenders to act is heightened by the potential operational disruptions that could arise from exploitation.

Currently, there are no known public exploits, but organizations should remain vigilant as the situation can evolve. Regular monitoring and prompt updating of systems are essential to mitigate risks associated with this vulnerability.

Vulnerability Details

This vulnerability allows for an increase in memory resource utilization in F5 BIG-IP when the MQTT profile is configured. The relevant CVE details are as follows:

CVSS Score: 7.5 (High Severity)

Affected Products: F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, Application Acceleration Manager, Application Security Manager, Domain Name System, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, Policy Enforcement Manager.

CWE Classification: CWE-404

Technical Analysis

The root cause of this vulnerability lies in the handling of requests processed by the MQTT profile under certain configurations. The CVSS vector describes a network attack vector with no privileges and no user interaction required, so an unauthenticated remote attacker who can reach the affected virtual server can trigger the condition.

The attack complexity is low, meaning that an exploit can be executed without significant effort. The availability impact is high, as the increased memory usage can lead to service disruptions.

Risk & Impact Analysis

Real-world deployment of affected systems may expose organizations to heightened risks. The potential for denial-of-service conditions due to increased memory utilization can lead to significant operational disruptions and loss of service availability. Organizations should assess their exposure and prioritize remediation efforts accordingly.

Given the CVSS score of 7.5, organizations should treat this vulnerability with high urgency. Continuous monitoring and proactive patching measures are recommended to mitigate risks associated with this vulnerability.

Exploitation Status

Signal                Status
Known Exploit         No
Public PoC            No
Actively Exploited    No
Ransomware Use        No

Affected Versions

The vulnerability affects the following versions of F5 BIG-IP products:

Affected Versions: BIG-IP 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.

Mitigation & Remediation

F5 has released patches for the affected versions. Organizations should upgrade to the latest available versions to address this vulnerability. If immediate upgrading is not possible, consider disabling the Message Routing MQTT profile on affected virtual servers to mitigate risk.

For ongoing security assurance, organizations may also consider implementing penetration testing to identify similar weaknesses in their environments.

Detection Guidance

Organizations should monitor their systems for unusual memory usage patterns, especially on virtual servers configured with the MQTT profile. Log indicators and behavioral anomalies can help detect potential exploitation attempts.
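To support both the mitigation step above (find the virtual servers that carry the MQTT profile) and the version triage in Affected Versions, here is an added Python example that is not part of the original advisory or of F5's tooling. It encodes the affected branches and first fixed releases stated on this page, reports End of Technical Support or unlisted branches as "not evaluated" rather than "fixed", and scans a configuration listing for virtual servers referencing the profile. The listing embedded below is constructed to resemble a `tmsh list ltm virtual` dump, and the default profile name `mqtt` is an assumption; both are placeholders for the reader's own output.

```python
import re

# Affected branches and first fixed release, as stated in the advisory.
FIXED = {"16.1": (16, 1, 2, 2), "15.1": (15, 1, 6, 1), "14.1": (14, 1, 5)}

def parse_version(v: str) -> tuple:
    """'15.1.5.1' -> (15, 1, 5, 1); ignores any non-numeric build tags."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def version_status(v: str) -> str:
    """'vulnerable', 'fixed', or 'not evaluated' (EoTS or unlisted branch)."""
    parts = parse_version(v)
    branch = f"{parts[0]}.{parts[1]}"
    if branch not in FIXED:
        return "not evaluated"   # EoTS branches are not assessed by the vendor
    # Tuple comparison handles differing lengths: (16,1,2) < (16,1,2,2)
    return "vulnerable" if parts < FIXED[branch] else "fixed"

# Constructed sample resembling `tmsh list ltm virtual` output (assumption).
SAMPLE_CONFIG = """\
ltm virtual /Common/mqtt_vs {
    profiles {
        /Common/mqtt { }
        /Common/tcp { }
    }
}
ltm virtual /Common/web_vs {
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
}
"""

def virtuals_with_profile(config: str, profile_name: str) -> list:
    """Names of virtual servers whose profiles block references profile_name."""
    hits = []
    for m in re.finditer(r"ltm virtual (\S+) \{(.*?)\n\}", config, re.S):
        name, body = m.group(1), m.group(2)
        prof = re.search(r"profiles \{(.*?)\n\s*\}", body, re.S)
        if prof and re.search(r"/" + re.escape(profile_name) + r"\s*\{", prof.group(1)):
            hits.append(name)
    return hits

def exposed_virtuals(version: str, config: str) -> list:
    """Virtual servers to patch or strip of the MQTT profile on unfixed builds."""
    if version_status(version) == "fixed":
        return []
    return virtuals_with_profile(config, "mqtt")
```

The returned list is the set of virtual servers to watch for abnormal memory growth until the upgrade lands, or to reconfigure without the MQTT profile if patching must wait.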

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to affect critical services provided by F5 BIG-IP systems. Organizations must stay updated on patch releases and conduct regular security assessments to mitigate similar vulnerabilities in the future.

This incident highlights the importance of continuous monitoring and proactive vulnerability management. Security teams should prioritize learning from such vulnerabilities to strengthen their overall security posture.

For further reading on security best practices, organizations can refer to resources on penetration testing methodology and other relevant security strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
