CVE-2025-53521: F5 BIG-IP Stack-Based Buffer Overflow Vulnerability

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-53521 | CVSS 9.3 | CISA KEV | Known Exploited

CVSS: 9.3 CRITICAL
EPSS: 80.74%
Known exploited: yes
Product: BIG-IP

What is known

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Sources