Vulnerability intelligence
CVE-2025-53521
F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
9.8
Critical
EPSS — Exploit Probability
2.2%
Riskier than 81% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-03-30
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-03-30.
3 articles across 3 outlets · first covered Mar 31, 2026 · latest Apr 6, 2026
Tracked incidents
Coverage timeline
-
F5 BIGIP APM Servers Exposed as CVE-2025-53521 Actively Exploitedsecurityaffairs.com · Apr 6, 2026
-
CVE-2025-53521: F5 BIG-IP APM Flaw Reclassified as Unauthenticated RCEsocradar.io · Apr 1, 2026
-
NCSC Urges Immediate Patching of F5 BIG-IP Bugwww.infosecurity-magazine.com · Mar 31, 2026