Vulnerabilities · CRITICAL

RCE Vulnerability - Attackers Exploit F5 BIG-IP APM Flaw

Help Net Security
Tags: CVE-2025-53521, F5 BIG-IP, remote code execution, CISA, nation-state threat

Basically, hackers can take control of systems using a serious flaw in F5's software.

Quick Summary

A critical vulnerability in F5's BIG-IP APM is under active attack. Organizations using affected versions are at risk of severe breaches. Immediate patching is essential to protect systems.

The Flaw

F5's BIG-IP Access Policy Manager (APM) has a critical unauthenticated remote code execution vulnerability identified as CVE-2025-53521. This flaw allows attackers to execute arbitrary code on affected systems, posing a significant risk to enterprises, financial institutions, and government organizations. The vulnerability affects versions 17.5.0 to 17.5.1, 17.1.0 to 17.1.2, 16.1.0 to 16.1.6, and 15.1.0 to 15.1.10 of BIG-IP APM. Initially thought to only cause denial of service, new findings have reclassified it as a remote code execution threat with a CVSS score of 9.8.

What's at Risk

Organizations using the vulnerable versions of BIG-IP APM are at high risk. Attackers can exploit this vulnerability to gain unauthorized access, potentially leading to data breaches and system compromises. F5 has indicated that the flaw can be exploited through malicious traffic directed at a configured access policy on a virtual server. This means that without proper defenses, attackers can take control of critical systems.

Patch Status

F5 released patches for the vulnerability in October 2025, which effectively mitigate the risk if applied promptly. However, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned that exploitation of the flaw is currently active. Organizations that have not updated their systems may have already been compromised, as the advisory does not specify when exploitation began. Customers are urged to check their systems for indicators of compromise, including specific file changes and unusual traffic patterns.

Immediate Actions

Organizations should prioritize updating their BIG-IP APM systems to the latest patched versions. F5 has provided a list of indicators of compromise to help organizations identify potential breaches. These include monitoring for specific files, log entries, and modifications to system integrity checkers. CISA has mandated that US federal agencies assess their exposure and take necessary actions by March 30, 2026. Failure to act could lead to severe consequences, including unauthorized access and data loss.
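One way to triage an inventory against the affected ranges listed under The Flaw, as an added example that is not from the original article or from F5. It assumes version text shaped like `tmsh show sys version` output; the hostnames and sample outputs are constructed. A build that sits at a range's upper bound with an extra point-release number is flagged `verify`, because the article gives no point-release bound.

```python
import re

# Affected BIG-IP APM ranges as listed on this page (inclusive, three-part bounds).
AFFECTED = [((17, 5, 0), (17, 5, 1)), ((17, 1, 0), (17, 1, 2)),
            ((16, 1, 0), (16, 1, 6)), ((15, 1, 0), (15, 1, 10))]

# Assumption: input looks like `tmsh show sys version` output, with a
# "Version  X.Y.Z" or "Version  X.Y.Z.N" line.
VERSION_RE = re.compile(r"^\s*Version\s+(\d+(?:\.\d+){2,3})\s*$", re.MULTILINE)


def parse_version(text):
    """Return the version as a tuple of ints, or None if no Version line parses."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(version):
    """Classify a parsed version against the ranges listed on the page."""
    if version is None:
        return "unknown"  # collection failed: treat as unassessed, not as safe
    base = version[:3]
    point = version[3] if len(version) > 3 else 0
    for lo, hi in AFFECTED:
        if lo <= base <= hi:
            # The page states no point-release bound, so X.Y.Z.N at the top of
            # a range cannot be decided from it: check F5's advisory.
            return "verify" if base == hi and point > 0 else "affected"
    return "not-listed"  # outside the listed ranges; the page says nothing more


def triage(inventory):
    """Map host -> (version string or None, status) for collected outputs."""
    report = {}
    for host, text in inventory.items():
        v = parse_version(text)
        report[host] = (".".join(map(str, v)) if v else None, classify(v))
    return report


# Constructed sample inventory: hostnames and outputs are made up for this example.
TEMPLATE = "Sys::Version\nMain Package\n  Product     BIG-IP\n  Version     {}\n"
SAMPLE = {
    "bigip-dmz-01": TEMPLATE.format("17.1.2"),
    "bigip-dmz-02": TEMPLATE.format("16.1.4.1"),
    "bigip-vpn-01": TEMPLATE.format("15.1.10.8"),
    "bigip-lab-01": TEMPLATE.format("17.5.2"),
    "bigip-old-01": "Connection timed out\n",
}
```

Hosts reported as `unknown` or `verify` need manual follow-up against F5's advisory rather than being counted as clear.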

🔒 Pro insight: The active exploitation of CVE-2025-53521 highlights the urgent need for timely patch management in enterprise environments.

Original article from

Help Net Security · Zeljka Zorz
