9.8
CVE-2025-53521
- EPSS 2.25%
- Veröffentlicht 15.10.2025 13:55:52
- Zuletzt bearbeitet 31.03.2026 17:12:31
- Quelle f5sirt@f5.com
- CVE-Watchlists
- Unerledigt
BigIP APM Vulnerability
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version >= 15.1.0 < 15.1.10.8
F5 ≫ Big-ip Access Policy Manager Version >= 16.1.0 < 16.1.6.1
F5 ≫ Big-ip Access Policy Manager Version >= 17.1.0 < 17.1.3
F5 ≫ Big-ip Access Policy Manager Version >= 17.5.0 < 17.5.1.3
VulnDex Vulnerability Enrichment
27.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
F5 BIG-IP Unspecified Vulnerability
SchwachstelleF5 BIG-IP AMP contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.25% | 0.806 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f5sirt@f5.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| f5sirt@f5.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://my.f5.com/manage/s/article/K000156741
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521