CVE-2025-54854: CWE-125 Out-of-bounds Read in F5 BIG-IP
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-54854 is an out-of-bounds read vulnerability (CWE-125) in the F5 BIG-IP Access Policy Manager (APM) component. It is reachable when an OAuth access profile (either Resource Server or Resource Client) is configured on a virtual server: undisclosed traffic sent to such a virtual server triggers a read past the bounds of a buffer in apmd, and the apmd process terminates. The result is a denial-of-service condition against the access management functionality of the BIG-IP device. The affected versions are 15.1.0, 16.1.0, 17.1.0 and 17.5.0, all actively supported releases. The vulnerability can be exploited remotely without authentication or user interaction, which raises its risk profile. The CVSS v3.1 base score is 7.5 (high), driven by the availability impact (A:H) and the low cost of exploitation (AV:N/AC:L/PR:N/UI:N); no confidentiality or integrity impact is noted. Software versions that have reached End of Technical Support (EoTS) were not evaluated. As of the publication date, no public exploit and no patch had been disclosed. Because BIG-IP devices commonly sit in front of critical access control and traffic management services, a crash of apmd can disrupt enterprise and service provider networks.
Potential Impact
The primary impact of CVE-2025-54854 is denial of service through termination of the apmd process on affected BIG-IP devices. This disrupts access management and OAuth-based authentication flows, potentially preventing legitimate users from reaching protected resources. Organizations that rely on BIG-IP for secure remote access, VPN termination, or API gateway functions may see service outages or a degraded security posture while apmd is down. The vulnerability does not expose confidential data or grant unauthorized access, but it can significantly affect operational continuity. Large enterprises, cloud providers, and service providers running BIG-IP in their network infrastructure could face downtime, with consequences for business operations and customer trust. Remote exploitation without authentication increases the likelihood of automated attacks or scanning by threat actors. Although no public exploit has been disclosed, the high severity and the wide deployment of BIG-IP devices make this an issue to address promptly.
Mitigation Recommendations
Organizations should immediately inventory their F5 BIG-IP devices to identify affected versions (15.1.0, 16.1.0, 17.1.0, 17.5.0) that have OAuth access profiles configured on virtual servers. Until an official patch is released, consider the following mitigations:
1) Restrict network access to the vulnerable virtual servers with strict firewall rules or network segmentation, limiting exposure to untrusted sources.
2) Monitor BIG-IP system logs and the apmd process for abnormal terminations or crashes that may indicate exploitation attempts.
3) Disable or temporarily remove OAuth access profiles on virtual servers where feasible, which removes the attack vector.
4) Engage F5 support for any available workarounds or hotfixes.
5) Maintain incident response procedures that can quickly detect and recover from a denial-of-service event.
6) Plan for timely patching once F5 releases an official update addressing this vulnerability.
Avoid exposing BIG-IP management interfaces or critical virtual servers directly to the internet without additional protective controls such as VPNs or zero-trust access models.
Affected Countries
United States, United Kingdom, Germany, France, Japan, Australia, Canada, Netherlands, Singapore, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2025-10-03T23:04:43.573Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efa99427d7577a18004092
Added to database: 10/15/2025, 2:03:00 PM
Last enriched: 2/27/2026, 5:34:56 AM
Last updated: 3/21/2026, 2:15:05 AM