Vulnerabilities · HIGH

F5 BIG-IP APM Vulnerability - CISA Adds to Exploited Catalog

Security Affairs
Tags: CVE-2025-53521 · F5 BIG-IP APM · Remote Code Execution · CISA · vulnerability

Basically, a serious flaw in F5 BIG-IP APM lets hackers run harmful code remotely.

Quick Summary

CISA has added a critical vulnerability in F5 BIG-IP APM to its exploited catalog. This flaw allows remote code execution, posing risks to organizations. Immediate action is required to mitigate potential threats.

The Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical vulnerability in F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, tracked as CVE-2025-53521, has a high CVSS score of 9.8, indicating its severity. The flaw allows specially crafted malicious traffic to trigger Remote Code Execution (RCE) when an access policy is enabled on a virtual server.

Initially classified as a Denial-of-Service (DoS) issue, new findings have reclassified it as a critical RCE flaw. This change in classification highlights the potential for significant exploitation, as attackers can execute arbitrary code on affected systems. The vulnerability has been actively exploited in vulnerable versions of BIG-IP, raising alarms across various sectors.

What's at Risk

Organizations using F5 BIG-IP APM are at risk if they have not patched this vulnerability. The flaw affects versions that have not reached End of Technical Support (EoTS), meaning that those still receiving updates are particularly vulnerable. The potential for RCE means that attackers could gain unauthorized access, leading to data breaches or further network compromises.

The implications are severe, especially for federal agencies and private organizations that rely on F5 systems for secure access management. CISA has mandated that federal agencies must address this vulnerability by March 30, 2026. Failure to do so could expose networks to significant risks, including data loss and operational disruptions.

Patch Status

F5 has acknowledged the vulnerability and confirmed that the original fix remains effective. However, organizations must ensure they are running the latest versions of the software to mitigate risks. CISA's advisory emphasizes the importance of addressing vulnerabilities listed in the KEV catalog, urging organizations to prioritize these updates.

Experts recommend that organizations conduct thorough reviews of their infrastructure to identify any instances of the affected software. This proactive approach can help prevent exploitation by malicious actors who may already be aware of the vulnerability.

Immediate Actions

Organizations should take immediate steps to protect their systems from this vulnerability. Here are some recommended actions:

  • Update Software: Ensure that all instances of F5 BIG-IP APM are updated to the latest version.
  • Review Access Policies: Check virtual server configurations to identify any that may be exposing the vulnerability.
  • Monitor Network Traffic: Implement monitoring for unusual traffic patterns that may indicate attempts to exploit the vulnerability.
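
One way to carry out the access-policy review offline, as an added example (not from the original article or from F5): it reads a saved BIG-IP configuration export and lists the virtual servers whose profiles block references an APM access profile. The brace-stanza layout it expects, the function name and every object name in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample in the brace-stanza layout of a BIG-IP configuration
# export; every object name and address here is made up.
SAMPLE_CONF = """\
apm profile access /Common/corp_vpn_ap {
    access-policy /Common/corp_vpn_ap
}
ltm virtual /Common/vs_vpn {
    destination /Common/203.0.113.10:443
    profiles {
        /Common/corp_vpn_ap { }
        /Common/clientssl {
            context clientside
        }
    }
}
ltm virtual /Common/vs_static {
    profiles {
        /Common/http { }
    }
}
"""

HEADER = re.compile(r"^(apm profile access|ltm virtual)\s+(\S+)\s*\{$")

def virtuals_with_access_profile(text):
    """Map each virtual server to the APM access profiles in its profiles block."""
    access, profiles, stack, vs = set(), {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line) if not stack else None
        if not stack:
            vs = None                      # a new top-level stanza starts here
        if m and m.group(1) == "apm profile access":
            access.add(m.group(2))
        elif m:
            vs = m.group(2)
            profiles[vs] = set()
        elif vs and stack[1:] == ["profiles {"] and "{" in line:
            profiles[vs].add(line.split()[0])   # entry directly under profiles
        if line.endswith("{"):
            stack.append(line)             # nested block opens
        elif line == "}" and stack:
            stack.pop()                    # nested block closes
    return {v: sorted(p & access) for v, p in profiles.items() if p & access}

if __name__ == "__main__":
    print(virtuals_with_access_profile(SAMPLE_CONF))
```

Names are resolved only after the whole file has been read, so a virtual server that appears before its access profile in the export is still reported.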

By acting quickly, organizations can reduce their risk and protect their networks from potential attacks. The situation underscores the necessity of maintaining up-to-date security practices and being vigilant against emerging threats.

🔒 Pro insight: The reclassification of this flaw to RCE indicates a shift in the threat landscape, warranting immediate patching and monitoring efforts.

Original article from Security Affairs · Pierluigi Paganini
