CVE-2025-53521 | When a BIG-IP APM access policy is configured on a virtual s… | CVSS 9.8 CRITICAL

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Metadata

CVE ID: CVE-2025-53521
State: PUBLISHED
Assigner: f5
Reserved: 2025-10-03 23:04 UTC
Published: 2025-10-15 13:55 UTC
Last updated: 2026-03-31 16:04 UTC
Primary CWE: CWE-121
CWE-121 Stack-based Buffer Overflow
Vendor / Product: F5 / BIG-IP
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: ACTIVE
Automatable: yes
Tech. Impact: total

CISA Known Exploited Vulnerability

Vulnerability name: F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
Vendor: F5
Product: BIG-IP
Added to KEV: 2026-03-27
Due date: 2026-03-30
Ransomware: Not known

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA description

F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

Affected products (1)

Vendor	Product	Platform	Versions
F5	BIG-IP	—	17.5.0 < 17.5.1.3, 17.1.0 < 17.1.3, 16.1.0 < 16.1.6.1, 15.1.0 < 15.1.10.8

Weakness (CWE)

CWE	Source	Description
CWE-121	cna	CWE-121 Stack-based Buffer Overflow

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://my.f5.com/manage/s/article/K000156741