CVEFinder.io

CVE-2025-53856

⚠️ high
🔍 Scan for this CVE
Summary

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evalu

Description

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2025-10-15
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.4% of all 317,883 vulnerabilities in our database.

#97,299
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Oct 15, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
F5
SSVC data provided by CISA
Last Modified 2025-10-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-705

📦 Affected Products 83

Vendor Product Status Affected Versions
f5 big-ip_local_traffic_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_local_traffic_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_local_traffic_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_local_traffic_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_global_traffic_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_global_traffic_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_global_traffic_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_application_security_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_application_security_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_application_security_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_application_security_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_access_policy_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_access_policy_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_access_policy_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_access_policy_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_edge_gateway Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_edge_gateway Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_edge_gateway Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_edge_gateway Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_application_acceleration_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_application_acceleration_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_application_acceleration_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_application_acceleration_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_advanced_firewall_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_advanced_firewall_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_advanced_firewall_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_advanced_firewall_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_analytics Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_analytics Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_analytics Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_analytics Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_link_controller Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_link_controller Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_link_controller Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_link_controller Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_policy_enforcement_manager Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_policy_enforcement_manager Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_policy_enforcement_manager Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_policy_enforcement_manager Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_webaccelerator Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_webaccelerator Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_webaccelerator Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_webaccelerator Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_domain_name_system Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_domain_name_system Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_domain_name_system Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_domain_name_system Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_websafe Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_websafe Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_websafe Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_websafe Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_fraud_protection_service Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_fraud_protection_service Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_fraud_protection_service Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_fraud_protection_service Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_advanced_web_application_firewall Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_advanced_web_application_firewall Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_advanced_web_application_firewall Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_advanced_web_application_firewall Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_ddos_hybrid_defender Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_ddos_hybrid_defender Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_ddos_hybrid_defender Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_ddos_hybrid_defender Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_ssl_orchestrator Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_ssl_orchestrator Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_ssl_orchestrator Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_ssl_orchestrator Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_carrier-grade_nat Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_carrier-grade_nat Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_carrier-grade_nat Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_carrier-grade_nat Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_application_visibility_and_reporting Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_application_visibility_and_reporting Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_application_visibility_and_reporting Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_application_visibility_and_reporting Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_automation_toolchain Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_automation_toolchain Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_automation_toolchain Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_automation_toolchain Affected
≥ 17.5.0 ≤ 17.5.1
f5 big-ip_container_ingress_services Affected
≥ 15.1.0 < 15.1.10.8
f5 big-ip_container_ingress_services Affected
≥ 16.1.0 < 16.1.6.1
f5 big-ip_container_ingress_services Affected
≥ 17.1.0 < 17.1.3
f5 big-ip_container_ingress_services Affected
≥ 17.5.0 ≤ 17.5.1

🔗 References 1

https://my.f5.com/manage/s/article/K000156707
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-20732 ℹ️ low 3.1 0.1 A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error mes... 2026-02-04
CVE-2026-22548 🔶 medium 5.9 0.1 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with con... 2026-02-04
CVE-2026-20730 ℹ️ low 3.3 0.0 A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access ... 2026-02-04
CVE-2026-22549 🔶 medium 4.9 0.1 A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secr... 2026-02-04
CVE-2025-46706 ⚠️ high 7.5 0.1 When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an ... 2025-10-15
CVE-2025-48008 ⚠️ high 7.5 0.1 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with ... 2025-10-15
These CVEs affect the same products