CVE-2025-53521

7.5 HIGH

📋 TL;DR

This vulnerability in BIG-IP APM allows undisclosed traffic to cause TMM (Traffic Management Microkernel) to terminate when an Access Policy is configured. This affects BIG-IP systems running vulnerable versions with APM Access Policies enabled. The TMM termination results in service disruption for traffic handled by the affected virtual server.

💻 Affected Systems

Products:
  • F5 BIG-IP with APM module
Versions: Specific versions not provided in description; refer to F5 advisory K000156741 for exact affected versions
Operating Systems: F5 TMOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when BIG-IP APM Access Policy is configured on a virtual server. Systems without APM or without Access Policies configured are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service for all traffic passing through the affected virtual server, potentially affecting multiple applications and services.

🟠 Likely Case: Intermittent service disruption as TMM restarts, causing connection drops and temporary unavailability of applications behind the APM policy.

🟢 If Mitigated: Limited impact to single virtual server if proper segmentation and redundancy are in place.

🌐 Internet-Facing: HIGH - Internet-facing BIG-IP systems with APM policies are directly exposed to potential exploitation attempts.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable, but exploitation requires attacker access to the internal network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The "undisclosed traffic" wording in the description suggests that unauthenticated network traffic can trigger the vulnerability. No public exploit details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000156741 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000156741

Restart Required: Yes

Instructions:

1. Review F5 advisory K000156741 for affected versions.
2. Upgrade to fixed version per F5 documentation.
3. Restart TMM services after patching.
4. Verify APM functionality post-upgrade.

🔧 Temporary Workarounds

Disable APM Access Policy

all

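Remove or disable the APM Access Policy on vulnerable virtual servers. The access profile is attached to the virtual server through its profiles list, so it is deleted from there; this also removes APM access control from that virtual server until the profile is re-added.

tmsh modify ltm virtual <virtual_server_name> profiles delete { <apm_access_profile_name> }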

Implement Network Controls

all

Restrict access to vulnerable virtual servers using firewall rules

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to vulnerable virtual servers
  • Monitor TMM process health and implement automated restart procedures

🔍 How to Verify

Check if Vulnerable:

Check if BIG-IP version is listed as vulnerable in F5 advisory K000156741 and verify APM Access Policy configuration on virtual servers

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify BIG-IP version is updated to fixed version and test APM functionality with simulated traffic

📡 Detection & Monitoring

Log Indicators:

  • TMM process termination/restart events in /var/log/ltm
  • APM policy failure logs
  • Increased TMM restart frequency

Network Indicators:

  • Unexpected traffic patterns to APM-configured virtual servers
  • Service disruption events correlated with specific traffic

SIEM Query:

source="bigip.log" AND ("TMM terminated" OR "TMM restart" OR "apm policy error")
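
The "Increased TMM restart frequency" indicator can be checked offline with the same three search terms as the SIEM query above. This is an added example, not F5 or advisory code; the sample log lines, their timestamp/host layout, the 5-minute window and the threshold of 3 are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Search terms taken from the SIEM query on this page.
TERMS = ("TMM terminated", "TMM restart", "apm policy error")
PATTERN = re.compile("|".join(re.escape(t) for t in TERMS), re.IGNORECASE)

# Constructed sample lines; the timestamp/host layout is an assumption,
# not a real BIG-IP log format.
SAMPLE_LOG = """\
2025-01-01T10:00:05 bigip1 notice: TMM terminated
2025-01-01T10:00:40 bigip1 notice: TMM restart
2025-01-01T10:01:10 bigip1 info: pool member up
2025-01-01T10:03:30 bigip1 notice: TMM terminated
2025-01-01T10:04:00 bigip1 err: apm policy error
2025-01-01T10:04:20 bigip1 notice: TMM restart
2025-01-01T14:00:00 bigip2 notice: TMM restart
"""

def parse_events(text):
    """Return (timestamp, host, matched term) for each line matching the query."""
    events = []
    for line in text.splitlines():
        m = PATTERN.search(line)
        parts = line.split(maxsplit=2)
        if not m or len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        events.append((ts, parts[1], m.group(0).lower()))
    return events

def restart_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Map host -> peak count of TMM terminate/restart events in one window."""
    by_host = {}
    for ts, host, term in sorted(events):
        if term.startswith("tmm"):  # APM policy errors are not restarts
            by_host.setdefault(host, []).append(ts)
    alerts = {}
    for host, times in by_host.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[host] = max(alerts.get(host, 0), end - start + 1)
    return alerts
```

Calling restart_bursts(parse_events(SAMPLE_LOG)) flags bigip1, which has four terminate/restart events inside one window, and ignores the single restart on bigip2.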
