Active Exploitation of RCE Vulnerability in F5 BIG-IP APM Systems

Active Exploitation of RCE Vulnerability in F5 BIG-IP APM Systems

First seen 28 Mar 2026, 11:13 UTC Securityaffairs.CoFeeds2.FeedburnerCybersecuritynewsGbhackersHeise.De+13 85% similarity 76.0

Article Content

Browse articles
ThreatCluster

A critical unauthenticated remote code execution vulnerability, tracked as CVE-2025-53521, in F5's BIG-IP Access Policy Manager (APM) systems is currently being exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog on March 27, 2026, following an update from F5 regarding a data breach attributed to a sophisticated nation-state threat actor. The vulnerability has a CVSS score of 9.8, indicating its high severity. Organizations using F5 BIG-IP APM systems are at risk, as the flaw allows attackers to execute arbitrary code without authentication. F5 initially published a security advisory on October 15, 2025, when the breach was confirmed. The ongoing exploitation poses a significant threat to affected systems and their users.

Key Points: • CVE-2025-53521 is a critical RCE vulnerability in F5 BIG-IP APM systems. • CISA added the vulnerability to its KEV catalog due to active exploitation. • The vulnerability has a CVSS score of 9.8, highlighting its severity.

ThreatCluster AI

Timeline

2025-10-15
CVE-2025-53521 published and F5 confirmed data breach.
2026-03-27
CISA added CVE-2025-53521 to its KEV catalog.
2026-03-28
Articles published reporting on the active exploitation of the vulnerability.

Community

Browse all →