CVE-2025-53521: F5 BIG-IP Stack-Based Buffer Overflow Vulnerability

CVE ID

CVE-2025-53521

Vulnerability Name

F5 BIG-IP Stack-Based Buffer Overflow Vulnerability

• Project: F5
• Product: BIG-IP

Date

• Date Added: 2026-03-27
• Due Date: 2026-03-30

Description

F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521

Related Security News

• Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
• Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
• Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
• CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List