TMM vulnerability_CVE-2025-53856

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Basic Information

ID CVE-2025-53856

Source f5

Published Oct 15, 2025 at 13:55

Affected Product

Vendor F5

Product BIG-IP

Version 17.5.0

Affected Versions F5 BIG-IP 17.5.0
F5 BIG-IP 17.1.0
F5 BIG-IP 16.1.0
F5 BIG-IP 15.1.0

CWE Classification

CWE-705

References

my.f5.com /manage/s/article/K000156707

{
    "lastseen": "",
    "description": "When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 To determine which BIG-IP platforms have an ePVA chip refer to  K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 .\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
    "published": "2025-10-15T13:55:49.991Z",
    "modified": "2025-10-15T13:55:49.991Z",
    "type": "cve",
    "title": "TMM vulnerability",
    "source": "f5",
    "references": "https://my.f5.com/manage/s/article/K000156707",
    "id": "CVE-2025-53856",
    "bulletinFamily": "",
    "cwe": [
        "CWE-705"
    ],
    "cvelist": null,
    "sourceData": "F5 BIG-IP 17.5.0\nF5 BIG-IP 17.1.0\nF5 BIG-IP 16.1.0\nF5 BIG-IP 15.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BIG-IP",
    "version": "17.5.0",
    "vendor": "F5",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}