Threat Intelligence / CVE / CVE-2025-53521

CVE-2025-53521

CISA KEV

CVSS 9.8 (CRITICAL) · EPSS 41.4% · Published 2025-10-15

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-121, CWE-770

Threats tracking this CVE

CVE-2025-53521: F5 BIG-IP APM Unauthenticated Remote Code Execution via apmd Process — Active Exploitation by UNC5221 (BRICKSTORM) — CRITICAL
CVE-2025-53521: F5 BIG-IP APM Unauthenticated Remote Code Execution via Stack-based Buffer Overflow — CRITICAL
F5 BIG-IP APM Unauthenticated Remote Code Execution via Stack Buffer Overflow (CVE-2025-53521) — CISA KEV Active Exploitation by Chinese Nation-State Actor — CRITICAL

References

Full detection coverage & IOCs for threats exploiting CVE-2025-53521 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence