Active Exploitation of RCE Vulnerability in F5 BIG-IP APM Systems

Severity: High (Score: 76.0)

Sources: Cybersecuritynews, Feeds2.Feedburner, Securityaffairs.Co

Summary

A critical unauthenticated remote code execution vulnerability, tracked as CVE-2025-53521, in F5's BIG-IP Access Policy Manager (APM) systems is currently being exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog on March 27, 2026, following an update from F5 regarding a data breach attributed to a sophisticated nation-state threat actor. The vulnerability has a CVSS score of 9.8, indicating its high severity. Organizations using F5 BIG-IP APM systems are at risk, as the flaw allows attackers to execute arbitrary code without authentication. F5 initially published a security advisory on October 15, 2025, when the breach was confirmed. The ongoing exploitation poses a significant threat to affected systems and their users.

Key Points

  • CVE-2025-53521 is a critical RCE vulnerability in F5 BIG-IP APM systems.
  • CISA added the vulnerability to its KEV catalog due to active exploitation.
  • The vulnerability has a CVSS score of 9.8, highlighting its severity.

Key Entities

  • Data Breach (attack_type)
  • CVE-2025-53521 (cve)
  • BIG-IP APM (platform)
  • F5 BIG-IP (platform)
  • F5 BIG-IP APM (platform)