Details of VAR-202510-0946

ID

VAR-202510-0946

CVE

CVE-2025-53856

TITLE

F5 BIG-IP ePVA Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-25368

DESCRIPTION

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in BIG-IP's ePVA module. An attacker could exploit this vulnerability to cause a denial of service on the BIG-IP system

Trust: 1.44

sources: NVD: CVE-2025-53856 // CNVD: CNVD-2025-25368

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-25368

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	16.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip automation toolchain	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip container ingress services	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	17.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	17.5.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	17.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.10.8	Trust: 1.0
vendor:	f5	model:	big-ip	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-25368 // NVD: CVE-2025-53856

CVSS

SEVERITY

CVSSV2

CVSSV3

f5sirt@f5.com:	CVE-2025-53856
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-25368
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-25368
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

f5sirt@f5.com:	CVE-2025-53856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-25368 // NVD: CVE-2025-53856

PROBLEMTYPE DATA

problemtype:	CWE-705	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: NVD: CVE-2025-53856

PATCH

title:

Patch for F5 BIG-IP ePVA Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/744116

Trust: 0.6

sources: CNVD: CNVD-2025-25368

EXTERNAL IDS

db:	NVD	id:	CVE-2025-53856	Trust: 1.6
db:	CNVD	id:	CNVD-2025-25368	Trust: 0.6

sources: CNVD: CNVD-2025-25368 // NVD: CVE-2025-53856

REFERENCES

url:	https://my.f5.com/manage/s/article/k000156707	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-53856	Trust: 0.6

sources: CNVD: CNVD-2025-25368 // NVD: CVE-2025-53856

SOURCES

db:	CNVD	id:	CNVD-2025-25368
db:	NVD	id:	CVE-2025-53856

LAST UPDATE DATE

2025-11-19T23:14:42.938000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-25368	date:	2025-10-27T00:00:00
db:	NVD	id:	CVE-2025-53856	date:	2025-10-21T20:19:02.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-25368	date:	2025-10-21T00:00:00
db:	NVD	id:	CVE-2025-53856	date:	2025-10-15T14:15:48.600