CVE-2025-53521 · CRITICAL 9.8 · CISA KEV · EPSS p80.6%

CVE-2025-53521: F5 BIG-IP Stack-Based Buffer Overflow Vulnerability

F5 / BIG-IP

Description

F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.25% probability of exploitation · percentile 80.6% · 2026-06-18T12:00:27Z
Published: 2025-10-15
Last modified: 2026-04-02

CISA KEV entry

Added to KEV: 2026-03-27

Underlying weaknesses · 1

CWE-121

References

  1. https://my.f5.com/manage/s/article/K000156741
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Stack-based Buffer Overflow (cwe-121) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability (kev-cve-2025-53521) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: F5 BIG-IP Traffic Management Microkernel Buffer Overflow
  2. CVE: CVE-2025-53843
  3. CVE: CVE-2025-58413
  4. CVE: CVE-2025-54820
  5. CVE: F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
  6. CVE: F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.