
CVE-2025-53521 - F5 BIG-IP APM Vulnerability Exploited

Arctic Wolf Blog
CVE-2025-53521, F5 BIG-IP APM, remote code execution, unauthenticated access

Basically, a flaw in F5's software lets hackers run harmful code without needing a password.

Quick Summary

F5 has reclassified a vulnerability in BIG-IP APM as critical, allowing unauthenticated remote code execution. Organizations must upgrade to the latest versions to mitigate risks. Immediate action is essential to protect sensitive data.

The Flaw

On March 28, 2026, F5 Networks issued an urgent update regarding a vulnerability in their BIG-IP Access Policy Manager (APM), identified as CVE-2025-53521. Initially reported in October 2025, this flaw was thought to be a medium-severity denial-of-service (DoS) issue. However, further analysis revealed that it allows for critical remote code execution (RCE). This means that attackers can execute arbitrary code on affected systems without needing authentication.

The vulnerability stems from improper handling of crafted traffic within the APM component when an access policy is attached to a virtual server. This flaw is particularly dangerous as it enables unauthenticated remote threat actors to deploy web shells, which can lead to full system compromise. F5 has indicated that this vulnerability is being actively exploited in the wild.

What's at Risk

The most significant risk arises for organizations using internet-exposed APM virtual servers. Since these devices are widely deployed in various enterprises, the potential impact is extensive. Attackers exploiting this vulnerability could gain access to sensitive data and systems, leading to severe operational disruptions.

F5 has reported that the original fixes released in October 2025 are effective against the newly documented RCE vector. No proof-of-concept (PoC) exploit is publicly available, but that does not diminish the urgency of addressing this vulnerability. The risk of opportunistic targeting is high, especially given the widespread use of BIG-IP APM in enterprise environments.

Patch Status

F5 has provided a list of affected versions along with their corresponding fixed versions:

  • BIG-IP APM (15.1.x): Affected versions 15.1.0–15.1.10; Fixed version 15.1.10.8
  • BIG-IP APM (16.1.x): Affected versions 16.1.0–16.1.6; Fixed version 16.1.6.1
  • BIG-IP APM (17.1.x): Affected versions 17.1.0–17.1.2; Fixed version 17.1.3
  • BIG-IP APM (17.5.x): Affected versions 17.5.0–17.5.1; Fixed version 17.5.1.3

Organizations are urged to follow their internal patching and testing guidelines to minimize operational impacts while upgrading to the latest fixed versions.
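The following is an added example, not code from F5 or Arctic Wolf: it triages an inventory of BIG-IP versions against the fixed versions listed above. It assumes that any build in a listed branch that sorts below the fixed version is affected; the hostnames and the `host version` inventory format are constructed for illustration.

```python
import re

# Branch (major, minor) -> first fixed version, copied from the list on this page.
FIXED = {
    (15, 1): (15, 1, 10, 8),
    (16, 1): (16, 1, 6, 1),
    (17, 1): (17, 1, 3, 0),
    (17, 5): (17, 5, 1, 3),
}

# Constructed sample inventory: "<hostname> <version>", '#' starts a comment.
SAMPLE_INVENTORY = """
vpn-edge-01.example.net 15.1.10.7   # one build short of the fix
vpn-edge-02.example.net 15.1.10.8
apm-dc1.example.net     16.1.6
apm-dc2.example.net     17.1.3
apm-lab.example.net     17.5.1.3
legacy-01.example.net   14.1.5      # branch not in the list above
broken-row.example.net  17.1.x
"""

def parse_version(text):
    """Turn '17.1.3' or '15.1.10.7' into a 4-tuple of ints, zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version_text):
    """Return 'affected', 'patched' or 'not-listed' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The page gives no data for this branch; do not guess either way.
        return "not-listed"
    # Assumption: within a listed branch, anything below the fix is affected.
    return "patched" if version >= fixed else "affected"

def triage(inventory_text):
    """Map each host in the inventory to its classification."""
    results = {}
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            results[fields[0]] = classify(fields[1])
        except (ValueError, IndexError):
            results[fields[0]] = "unparseable"
    return results
```

A result of `affected` reflects the version only; whether an access policy is attached to a virtual server on that device still has to be checked separately.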

Immediate Actions

To protect against the risks posed by CVE-2025-53521, organizations should take immediate action. Here are the recommended steps:

  • Upgrade to the latest fixed version of BIG-IP APM as outlined above.
  • Monitor network traffic for any unusual activity that may indicate exploitation attempts.
  • Review security policies and ensure that access controls are appropriately configured to limit exposure.

By taking these proactive measures, organizations can significantly reduce their risk of being compromised through this vulnerability. The urgency of addressing CVE-2025-53521 cannot be overstated, as the potential for exploitation is high and the consequences severe.

🔒 Pro insight: The reclassification of CVE-2025-53521 to critical status highlights the evolving threat landscape; organizations must prioritize patching to prevent exploitation.

Original article from Arctic Wolf Blog · Arctic Wolf Labs
