{"cve":{"cve_id":"CVE-2025-53521","is_kev":true,"kev_date_added":"2026-03-27","kev_vendor_project":"F5","kev_product":"BIG-IP","kev_vulnerability_name":"F5 BIG-IP Stack-Based Buffer Overflow Vulnerability","kev_short_description":"F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.","kev_required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2026-03-30","kev_known_ransomware":false,"kev_notes":"Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521","kev_cwes":["CWE-121"],"epss_score":0.02246,"epss_percentile":0.80595,"epss_as_of":"2026-06-23","description":"When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).  \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","published_at":"2025-10-15T13:55:52.694000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-121"],"nvd_references":["https://my.f5.com/manage/s/article/K000156741"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:27:30.625017Z"},"effective_severity":"CRITICAL","badges":["kev"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"f5","vendor_name":"F5","product_slug":"big-ip","product_name":"BIG-IP","version_start":"17.5.0","version_start_inclusive":true,"version_end":"17.5.1.3","version_end_inclusive":false,"cpe23_uri":"cve5:f5:big-ip:17.5.0:17.5.1.3"},{"vendor_slug":"f5","vendor_name":"F5","product_slug":"big-ip","product_name":"BIG-IP","version_start":"17.1.0","version_start_inclusive":true,"version_end":"17.1.3","version_end_inclusive":false,"cpe23_uri":"cve5:f5:big-ip:17.1.0:17.1.3"},{"vendor_slug":"f5","vendor_name":"F5","product_slug":"big-ip","product_name":"BIG-IP","version_start":"16.1.0","version_start_inclusive":true,"version_end":"16.1.6.1","version_end_inclusive":false,"cpe23_uri":"cve5:f5:big-ip:16.1.0:16.1.6.1"},{"vendor_slug":"f5","vendor_name":"F5","product_slug":"big-ip","product_name":"BIG-IP","version_start":"15.1.0","version_start_inclusive":true,"version_end":"15.1.10.8","version_end_inclusive":false,"cpe23_uri":"cve5:f5:big-ip:15.1.0:15.1.10.8"}],"exploit_refs":[],"news":[],"references":[{"url":"https://my.f5.com/manage/s/article/K000156741","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-10-15T13:55:52.694000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2026-03-27T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:37.529366Z","label":"CVSS score revised","source":"cvelistv5"}]}