Overview

  • F5
  • BIG-IP

15 Oct 2025
Published
28 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
19.16%

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 7 Posts
  • 74 Interactions

Last activity: Last hour

Fediverse

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

my.f5.com/manage/s/article/K00

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

  • 39
  • 30
  • 0
  • 20h ago

Bluesky

F5 K000156741: BIG-IP APM vulnerability CVE-2025-53521 increased severity, active exploitation URL: my.f5.com/manage/s/art... Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv4.0: 9.3
  • 1
  • 1
  • 0
  • 13h ago
CISA added an actively exploited F5 BIG-IP RCE vulnerability to its KEV catalog. - IOCs: CVE-2025-53521 - #CVE2025_53521 #F5 #ThreatIntel
  • 1
  • 0
  • 0
  • 14h ago
F5 BIG-IP APM Zero-Day Under Active Siege: CISA Mandates Emergency Patching for CVE-2025-53521 + Video Introduction: A recently reclassified vulnerability in F5’s BIG-IP Access Policy Manager (APM), tracked as CVE-2025-53521, has escalated from a mere denial-of-service (DoS) concern to a critical…
  • 1
  • 0
  • 0
  • 10h ago
CISA adds CVE-2025-53521, a critical F5 BIG-IP APM flaw enabling pre-auth remote code execution (CVSS 9.3), to KEV after active exploitation. F5 updates TTPs and requires patches by 2026. #F5Security #Vulnerability #USA
  • 1
  • 0
  • 0
  • 7h ago
K000156741: F5 BIG-IP APM vulnerability CVE-2025-53521 - from October - K000160486: Indicators of Compromise for c05d5254 from March
  • 0
  • 0
  • 0
  • 3h ago
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • langflow-ai
  • langflow

20 Mar 2026
Published
26 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
5.65%

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 4 Posts

Last activity: 5 hours ago

Fediverse

CISA just added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog and both deserve your immediate attention.

First up is CVE-2026-33017, a code injection flaw in Langflow, the open-source AI workflow builder that has exploded in popularity.

Read more: steelefortress.com/7448up

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

#ばばさん通信ダイジェスト Sharing things that have become, or look likely to become, topics of discussion, whether the reception is positive or negative. CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
  • 0
  • 0
  • 0
  • 18h ago
Security Analysis and Intel: CVE-2026-33017 Langflow RCE (28.3.2026) #appsec
  • 0
  • 0
  • 0
  • 11h ago
Critical flaws in PTC Windchill/FlexPLM exploited with mitigations but no patch; Langflow CVE-2026-33017 active for RCE, upgrade to 1.9.0. Ransomware targets energy firms; Nova Scotia Power breached. #Germany #Ransomware #Canada
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.02%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 4 Posts

Last activity: 6 hours ago

Bluesky

CVE-2026-3055: NetScaler Under Active Reconnaissance—Patch Now Before Exploitation Goes Nuclear + Video Introduction: The window between attacker reconnaissance and active exploitation is shrinking to near-zero. Security researchers at watchTowr have detected active scanning campaigns targeting…
  • 0
  • 0
  • 0
  • 12h ago
CVE-2026-3055: Critical Citrix NetScaler Flaw Under Active Exploitation – Patch Now! + Video Introduction: A newly disclosed vulnerability, CVE-2026-3055, with a CVSS score of 9.3, is currently being actively probed by attackers targeting Citrix NetScaler appliances. Threat actors are leveraging…
  • 0
  • 0
  • 0
  • 8h ago
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 8h ago
Critical CVE-2026-3055 (CVSS 9.3) in Citrix NetScaler ADC & Gateway allows memory overread via /cgi/GetAuthMethods, enabling attackers to fingerprint auth methods and leak sensitive data. Patching advised. #NetScaler #CVE20263055 #USA
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • zephyrproject-rtos
  • Zephyr
  • Zephyr

05 Mar 2026
Published
05 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.05%

KEV

Description

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 22 hours ago

Fediverse

Weekend Reads

* DNS parser overflow in Zephyr
0xkato.xyz/CVE-2026-1678-DNS-P
* Telegram bots measurement survey
arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
arxiv.org/abs/2603.21082
* Building the largest data center
spectrum.ieee.org/5gw-data-cen
* OpenBSD init system and boot process
overeducated-redneck.net/blurg

  • 3
  • 4
  • 0
  • 22h ago

Overview

  • Apple
  • visionOS

11 Dec 2024
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.28%

KEV

Description

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

Statistics

  • 1 Post
  • 10 Interactions

Last activity: 18 hours ago

Fediverse

Good to know, but every vulnerability we discovered and reported to Apple also affected Lockdown Mode. This includes CVE-2024-54492, which impacted the Passwords app. An option to "Allow Contacting Websites" was added starting with iOS 26.

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

macrumors.com/2026/03/27/no-ip

  • 2
  • 8
  • 0
  • 18h ago

Overview

  • home-assistant
  • Home Assistant Operating System

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
0.02%

KEV

Description

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 15 hours ago

Fediverse

🚨 CVE-2026-34205 (CRITICAL): Home Assistant OS ≤17.1 apps in host network mode expose unauthenticated endpoints to local networks. Upgrade to Supervisor 2026.03.02, segment networks, and review configs now! radar.offseq.com/threat/cve-20

  • 2
  • 1
  • 0
  • 15h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
25 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.81%

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 20 hours ago

Fediverse

Interlock ransomware exploits critical zero-day in Cisco FMC (CVE-2026-20131)

blog.elhacker.net/2026/03/rans

  • 1
  • 2
  • 0
  • 20h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

13 Jan 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
7.10%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Overview

  • Grafana
  • Grafana Enterprise

27 Mar 2026
Published
28 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%

KEV

Description

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 3 hours ago

Fediverse

- Syncthing got a 2.0 release and switched from LevelDB to SQLite github.com/syncthing/syncthing
- macOS did that weird (a) Upgrade support.apple.com/de-de/126604 and is now at 2.6.4 with 8 (eight!) new emojis support.apple.com/en-us/122868
- Grafana security fix 12.4.1 -> 12.4.2 grafana.com/blog/grafana-secur
- TandoorRecipes got shared shopping lists and pantry inventory with 2.6.0 and a security update to 2.6.1 github.com/TandoorRecipes/reci
- Grist, qbittorrent and smokeping got updates for their containers. I haven't figured out what changed. hub.docker.com/r/gristlabs/gri github.com/linuxserver/docker- github.com/linuxserver/docker-
- Redis 8.6.2 with some bugfixes github.com/redis/redis/releases
- Home Assistant 2026.3.3 -> 2026.3.4. Nothing interesting. github.com/home-assistant/core
- oh-my-zsh with tiny changes github.com/ohmyzsh/ohmyzsh/com
- Next section is done by homebrew. I don't even know what half of the stuff is used for. Don't judge for having fish and zsh.
ffmpeg 8.0.1_4 -> 8.1
pandoc 3.9 -> 3.9.0.2
nghttp2 1.68.0_1 -> 1.68.1
simdjson 4.4.0 -> 4.4.2
freetype 2.14.2 -> 2.14.3
cryptography 46.0.5 -> 46.0.6
ipython 9.11.0 -> 9.12.0
libavif 1.4.0 -> 1.4.1
harfbuzz 13.1.1 -> 13.2.1
glib 2.86.4 -> 2.88.0
aom 3.13.1 -> 3.13.2
svt-av1 4.0.1 -> 4.1.0
libnghttp2 1.68.0 -> 1.68.1
openexr 3.4.6 -> 3.4.8
ca-certificates 2025-12-02 -> 2026-03-19
esphome 2026.2.4 -> 2026.3.1
jupyterlab 4.5.6 -> 4.5.6_1
ada-url 3.4.3 -> 3.4.4
node 25.8.1_1 -> 25.8.2
fish 4.5.0 -> 4.6.0
icu4c@78 78.2 -> 78.3
jpeg-turbo 3.1.3 -> 3.1.4
- tailscale 1.96.2 now with easy file transfers "taildrop" tailscale.com/changelog
- Xcode 26.4 developer.apple.com/documentat

I haven't touched my desktop yet and probably won't.

Edit 1
I missed the Nextcloud update because I use that weird Nextcloud All-In-One container. nextcloud.com/changelog/

Edit 2
How did I miss the Mastodon upgrade from 4.5.7 to 4.5.8? I may be gone for a moment. github.com/mastodon/mastodon/r

Edit 3
Why do I run a server in the garage?
evcc 0.209.6 -> 0.303.2 github.com/evcc-io/evcc/releas

  • 1
  • 3
  • 0
  • 7h ago

Bluesky

Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880 | Grafana Labs
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Grafana
  • Grafana

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.01%

KEV

Description

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 3 hours ago
