CVE-CVE-2025-53868 | HIGH Severity | CVEDatabase.com

Description

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Metrics

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-78

Metadata

Primary Vendor: F5
Published: 10/15/2025
Last Modified: 2/4/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

f5 : big-ip_access_policy_managerf5 : big-ip_advanced_firewall_managerf5 : big-ip_advanced_web_application_firewallf5 : big-ip_analyticsf5 : big-ip_application_acceleration_managerf5 : big-ip_application_security_managerf5 : big-ip_application_visibility_and_reportingf5 : big-ip_automation_toolchainf5 : big-ip_carrier-grade_natf5 : big-ip_container_ingress_servicesf5 : big-ip_ddos_hybrid_defenderf5 : big-ip_domain_name_systemf5 : big-ip_edge_gatewayf5 : big-ip_fraud_protection_servicef5 : big-ip_global_traffic_managerf5 : big-ip_link_controllerf5 : big-ip_local_traffic_managerf5 : big-ip_policy_enforcement_managerf5 : big-ip_ssl_orchestratorf5 : big-ip_webacceleratorf5 : big-ip_websafef5 : big-ip_access_policy_managerf5 : big-ip_advanced_firewall_managerf5 : big-ip_advanced_web_application_firewallf5 : big-ip_analyticsf5 : big-ip_application_acceleration_managerf5 : big-ip_application_security_managerf5 : big-ip_application_visibility_and_reportingf5 : big-ip_automation_toolchainf5 : big-ip_carrier-grade_natf5 : big-ip_container_ingress_servicesf5 : big-ip_ddos_hybrid_defenderf5 : big-ip_domain_name_systemf5 : big-ip_edge_gatewayf5 : big-ip_fraud_protection_servicef5 : big-ip_global_traffic_managerf5 : big-ip_link_controllerf5 : big-ip_local_traffic_managerf5 : big-ip_policy_enforcement_managerf5 : big-ip_ssl_orchestratorf5 : big-ip_webacceleratorf5 : big-ip_websafef5 : big-ip_access_policy_managerf5 : big-ip_access_policy_managerf5 : big-ip_advanced_firewall_managerf5 : big-ip_advanced_firewall_managerf5 : big-ip_advanced_web_application_firewallf5 : big-ip_advanced_web_application_firewallf5 : big-ip_analyticsf5 : big-ip_analyticsf5 : big-ip_application_acceleration_managerf5 : big-ip_application_acceleration_managerf5 : big-ip_application_security_managerf5 : big-ip_application_security_managerf5 : big-ip_application_visibility_and_reportingf5 : big-ip_application_visibility_and_reportingf5 : big-ip_automation_toolchainf5 : big-ip_automation_toolchainf5 : big-ip_carrier-grade_natf5 : big-ip_carrier-grade_natf5 : big-ip_container_ingress_servicesf5 : big-ip_container_ingress_servicesf5 : big-ip_ddos_hybrid_defenderf5 : big-ip_ddos_hybrid_defenderf5 : big-ip_domain_name_systemf5 : big-ip_domain_name_systemf5 : big-ip_edge_gatewayf5 : big-ip_edge_gatewayf5 : big-ip_fraud_protection_servicef5 : big-ip_fraud_protection_servicef5 : big-ip_global_traffic_managerf5 : big-ip_link_controllerf5 : big-ip_link_controllerf5 : big-ip_local_traffic_managerf5 : big-ip_local_traffic_managerf5 : big-ip_policy_enforcement_managerf5 : big-ip_policy_enforcement_managerf5 : big-ip_ssl_orchestratorf5 : big-ip_ssl_orchestratorf5 : big-ip_webacceleratorf5 : big-ip_webacceleratorf5 : big-ip_websafef5 : big-ip_websafe

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD