CVE-2025-53521

Oct. 15, 2025, 2:15 p.m.

8.7
High

Description

When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Product(s) Impacted

Vendor Product Versions
F5 networks
  • Big-ip
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a f5 networks big-ip / / / / / / / /

References

https://my.f5.com/manage/s/article/K000156741

Tags

CWE-770
[email protected]
2025-10-15
CVE-2025-53521

CVSS Score

8.7 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Oct. 15, 2025, 2:15 p.m.
Last Modified: Oct. 15, 2025, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

Linked Attack Reports

F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

A China-linked threat cluster, UNC5221, is actively targeting organizations using F5 BIG-IP following a confirmed breach of F5's internal development data. The stolen data includes portions of BIG-IP source code and vulnerability information, raising the risk of rapid 0-day discovery and weaponizat…
brickstorm
2025-10-24
f5 big-ip
Published: October 24, 2025
Linked vulnerabilities : CVE-2025-61882 (CVSS 9.8), CVE-2025-41430 (CVSS 8.7), CVE-2025-46706 (CVSS 8.7), CVE-2025-48008 (CVSS 8.7), CVE-2025-53474 (CVSS 8.7), CVE-2025-53521 (CVSS 8.7), CVE-2025-53856 (CVSS 8.7), CVE-2025-53868 (CVSS 8.5), CVE-2025-54479 (CVSS 8.7), CVE-2025-54854 (CVSS 8.7), CVE-2025-54858 (CVSS 8.7), CVE-2025-55036 (CVSS 8.7), CVE-2025-55669 (CVSS 8.7), CVE-2025-58096 (CVSS 8.2), CVE-2025-58120 (CVSS 8.7), CVE-2025-59478 (CVSS 8.7), CVE-2025-59781 (CVSS 8.7), CVE-2025-60016 (CVSS 8.7), CVE-2025-61938 (CVSS 8.7), CVE-2025-61951 (CVSS 8.7), CVE-2025-61955 (CVSS 8.5), CVE-2025-61960 (CVSS 8.7), CVE-2025-61974 (CVSS 8.7), CVE-2025-57780 (CVSS 8.5), CVE-2025-58071 (CVSS 8.7), CVE-2025-61935 (CVSS 8.7), CVE-2025-61990 (CVSS 8.7)
Downloadable IOCs: 3

March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day

In March 2026, 31 high-impact vulnerabilities were identified requiring prioritization for remediation, with 29 receiving Very Critical Risk Scores. Affected vendors included Cisco, Microsoft, Google, ConnectWise, and others, with Microsoft and Apple accounting for approximately 32% of vulnerabilit…
ransomware
remote code execution
deserialization vulnerability
CVE-2025-32432
CVE-2025-54068
CVE-2025-26399
CVE-2025-53521
CVE-2025-68613
CVE-2026-20963
CVE-2026-27483
CVE-2026-21385
CVE-2021-30952
CVE-2023-41974
plasmagrid
CVE-2026-20131
CVE-2026-27944
CVE-2017-7921
CVE-2026-21262
CVE-2026-25187
CVE-2026-26127
CVE-2026-3909
CVE-2026-3910
CVE-2026-3564
ghostblade
ghostknife
ghostsaber
CVE-2026-33017
CVE-2026-3055
CVE-2026-33634
CVE-2026-33032
2026-04-14
cisco fmc
ios exploit kit
plasmaloader
zero-day exploitation
Published: April 14, 2026
Linked vulnerabilities : CVE-2025-32432 (CVSS 10.0), CVE-2025-54068 (CVSS 9.2), CVE-2025-26399 (CVSS 9.8), CVE-2025-53521 (CVSS 8.7), CVE-2025-68613 (CVSS 9.9), CVE-2026-20963 (CVSS 8.8), CVE-2026-27483 (CVSS 8.8), CVE-2026-21385 (CVSS 7.8), CVE-2023-41974, CVE-2021-30952, CVE-2026-20131 (CVSS 10.0), CVE-2026-27944 (CVSS 9.8), CVE-2017-7921, CVE-2026-21262 (CVSS 8.8), CVE-2026-25187 (CVSS 7.8), CVE-2026-26127 (CVSS 7.5), CVE-2026-3909 (CVSS 8.8), CVE-2026-3910 (CVSS 8.8), CVE-2026-3564 (CVSS 9.0), CVE-2026-33017 (CVSS 9.3), CVE-2026-3055 (CVSS 9.3), CVE-2026-33634 (CVSS 9.4), CVE-2026-33032 (CVSS 9.8)
Downloadable IOCs: 2

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A sophisticated multi-stage intrusion began with the compromise of an internet-facing F5 BIG-IP load balancer running an end-of-life version. The threat actor established SSH access to a Linux server using privileged credentials, then conducted extensive reconnaissance including network scanning wi…
credential theft
2026-05-22
confluence exploitation
kerberos relay
Published: May 22, 2026
Linked vulnerabilities : CVE-2024-2012 (CVSS 9.1), CVE-2025-33073 (CVSS 8.8), CVE-2025-20333 (CVSS 9.9), CVE-2025-20362 (CVSS 6.5), CVE-2025-53521 (CVSS 8.7)
Downloadable IOCs: 5

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.