CVE-2025-53521 in F5 BIG-IP APM
Summary
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reservation
10/04/2025
Disclosure
10/15/2025
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exploit | KEV | EPSS | CTI | Countermeasure | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 328677 | F5 BIG-IP APM Traffic Management Microkernel allocation of resources | 770 | 7.6 | 7.4 | $5k-$25k | $0-$5k | Attacked | Verified | 0.19158 | 2.37 | Official fix | CVE-2025-53521 |