CVE-2025-53521
Published: 15 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-53521 is a stack-based buffer overflow vulnerability (CWE-121) in F5 BIG-IP Access Policy Manager (APM). It affects systems where an APM access policy is configured on a virtual server, allowing specific malicious traffic to trigger remote code execution (RCE). The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this issue.
An unauthenticated attacker with network access can exploit the vulnerability by sending crafted traffic to the affected virtual server. No user interaction or privileges are required, enabling low-complexity remote exploitation that results in full confidentiality, integrity, and availability impacts through arbitrary code execution on the BIG-IP system.
F5 has published a security advisory at https://my.f5.com/manage/s/article/K000156741 with details on affected versions and mitigation steps. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521, indicating active real-world exploitation.
Details
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
- KEV Date Added: 27 March 2026
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote code execution via crafted traffic to a public-facing BIG-IP APM virtual server, directly mapping to exploitation of public-facing applications.