CVE-2025-53856
HIGHDescription
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_advanced_firewall_manager |
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_analytics |
| f5 | big-ip_application_acceleration_manager |
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_visibility_and_reporting |
| f5 | big-ip_automation_toolchain |
| f5 | big-ip_carrier-grade_nat |
| f5 | big-ip_container_ingress_services |
| f5 | big-ip_ddos_hybrid_defender |
| f5 | big-ip_domain_name_system |
| f5 | big-ip_edge_gateway |
| f5 | big-ip_fraud_protection_service |
| f5 | big-ip_global_traffic_manager |
| f5 | big-ip_link_controller |
| f5 | big-ip_local_traffic_manager |
| f5 | big-ip_policy_enforcement_manager |
| f5 | big-ip_ssl_orchestrator |
| f5 | big-ip_webaccelerator |
| f5 | big-ip_websafe |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_advanced_firewall_manager |
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_analytics |
| f5 | big-ip_application_acceleration_manager |
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_visibility_and_reporting |
| f5 | big-ip_automation_toolchain |
| f5 | big-ip_carrier-grade_nat |
| f5 | big-ip_container_ingress_services |
| f5 | big-ip_ddos_hybrid_defender |
| f5 | big-ip_domain_name_system |
| f5 | big-ip_edge_gateway |
| f5 | big-ip_fraud_protection_service |
| f5 | big-ip_global_traffic_manager |
| f5 | big-ip_link_controller |
| f5 | big-ip_local_traffic_manager |
| f5 | big-ip_policy_enforcement_manager |
| f5 | big-ip_ssl_orchestrator |
| f5 | big-ip_webaccelerator |
| f5 | big-ip_websafe |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_advanced_firewall_manager |
| f5 | big-ip_advanced_firewall_manager |
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_advanced_web_application_firewall |
| f5 | big-ip_analytics |
| f5 | big-ip_analytics |
| f5 | big-ip_application_acceleration_manager |
| f5 | big-ip_application_acceleration_manager |
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_security_manager |
| f5 | big-ip_application_visibility_and_reporting |
| f5 | big-ip_application_visibility_and_reporting |
| f5 | big-ip_automation_toolchain |
| f5 | big-ip_automation_toolchain |
| f5 | big-ip_carrier-grade_nat |
| f5 | big-ip_carrier-grade_nat |
| f5 | big-ip_container_ingress_services |
| f5 | big-ip_container_ingress_services |
| f5 | big-ip_ddos_hybrid_defender |
| f5 | big-ip_ddos_hybrid_defender |
| f5 | big-ip_domain_name_system |
| f5 | big-ip_domain_name_system |
| f5 | big-ip_edge_gateway |
| f5 | big-ip_edge_gateway |
| f5 | big-ip_fraud_protection_service |
| f5 | big-ip_fraud_protection_service |
| f5 | big-ip_global_traffic_manager |
| f5 | big-ip_link_controller |
| f5 | big-ip_link_controller |
| f5 | big-ip_local_traffic_manager |
| f5 | big-ip_local_traffic_manager |
| f5 | big-ip_policy_enforcement_manager |
| f5 | big-ip_policy_enforcement_manager |
| f5 | big-ip_ssl_orchestrator |
| f5 | big-ip_ssl_orchestrator |
| f5 | big-ip_webaccelerator |
| f5 | big-ip_webaccelerator |
| f5 | big-ip_websafe |
| f5 | big-ip_websafe |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-53856? +
How severe is CVE-2025-53856? +
What products are affected by CVE-2025-53856? +
How do I check if I'm vulnerable to CVE-2025-53856? +
Related Vulnerabilities
A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function …
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth …
A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the …
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid …
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code …
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker …