Critical severity 9.8 · CISA KEV · NVD Advisory · Published Oct 15, 2025 · Updated Apr 2, 2026
CVE-2025-53521
Description
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
- my.f5.com/manage/s/article/K000156741 (NVD: Vendor Advisory)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (NVD: US Government Resource)
News mentions
- From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence (Microsoft Security Blog · May 22, 2026)
- 6th April – Threat Intelligence Report (Check Point Research · Apr 6, 2026)
- NCSC Urges Immediate Patching of F5 BIG-IP Bug (Infosecurity Magazine · Mar 31, 2026)
- Vulnerability affecting F5 BIG-IP APM (NCSC UK · Mar 30, 2026)