CVE-2025-53521
7.5 HIGH
Published: 10/15/2025
Updated: 10/21/2025
CISA Known Exploited Vulnerability
F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.
Required Action:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due Date:
2026-03-30
Description
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Products
f5 big-ip_access_policy_manager
f5 big-ip_advanced_firewall_manager
f5 big-ip_advanced_web_application_firewall
f5 big-ip_analytics
f5 big-ip_application_acceleration_manager
f5 big-ip_application_security_manager
f5 big-ip_application_visibility_and_reporting
f5 big-ip_automation_toolchain
f5 big-ip_carrier-grade_nat
f5 big-ip_container_ingress_services
f5 big-ip_ddos_hybrid_defender
f5 big-ip_domain_name_system
f5 big-ip_edge_gateway
f5 big-ip_fraud_protection_service
f5 big-ip_global_traffic_manager
f5 big-ip_link_controller
f5 big-ip_local_traffic_manager
f5 big-ip_policy_enforcement_manager
f5 big-ip_ssl_orchestrator
f5 big-ip_webaccelerator
f5 big-ip_websafe
References
- https://my.f5.com/manage/s/article/K000156741 (Vendor Advisory)