CVE-2025-54854
Published: 15 October 2025
Summary
CVE-2025-54854 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in F5 Big-Ip Access Policy Manager. Its CVSS base score is 8.7 (High).
Operationally, ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34628
Vulnerability details
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not…
more
evaluated.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.