3 matches found
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager APM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 CVSS v4...
CVE-2025-53521 BigIP APM Vulnerability
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution RCE. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-53521
CVE-2025-53521 affects BIG-IP APM. A stack-based overflow in the APM component can allow unauthenticated remote code execution when an APM access policy is configured on a virtual server. Exploitation has been observed in the wild (per advisories and media). Remediation involves upgrading to fixe...