Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-53856
CVE-2025-53856:
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation
Overview
CVE-2025-53856 is a vulnerability affecting F5's BIG-IP products when using the embedded Packet Velocity Acceleration (ePVA) feature. The vulnerability was discovered and disclosed on October 15, 2025. The issue affects virtual servers, network address translation (NAT) objects, or secure network address translation (SNAT) objects that utilize the ePVA feature. This vulnerability impacts multiple versions of BIG-IP products, including versions 15.1.x, 16.1.x, 17.1.x, and 17.5.x (NVD Database).
Technical details
The vulnerability occurs when undisclosed traffic causes the Traffic Management Microkernel (TMM) to terminate when using the ePVA feature. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Additionally, under CVSS v4.0, it received a score of 8.7 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (NVD Database).
Impact
The primary impact of this vulnerability is the potential termination of the Traffic Management Microkernel (TMM), which could lead to a denial of service condition. This affects the availability of services running on affected BIG-IP devices, particularly those utilizing the ePVA feature (NVD Database).
Mitigation and workarounds
F5 has released patches as part of their October 2025 Quarterly Security Notification. Organizations are strongly urged to update their BIG-IP software as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued emergency directive (ED) 26-01 recommending immediate patching and hardening of public-facing BIG-IP devices (Tenable Blog).
Community reactions
The vulnerability disclosure coincided with F5's announcement of a security incident involving a nation-state threat actor who had gained access to their systems between August and October 2025. This context has heightened the urgency of addressing this vulnerability, with CISA issuing an emergency directive for federal agencies (Tenable Blog).
Additional resources
Source: This report was generated using AI
Related F5 BIG-IP Virtual Edition vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management