CVE-2025-53521

CRITICAL

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 10/15/2025Modified: 3/31/2026

Related Intelligence (4)

CRITICALMalware

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed in October 2025 as a DoS i

CVE-2025-53521
CSO Online
MEDIUMVulnerability

NCSC Urges Immediate Patching of F5 BIG-IP Bug

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521

CVE-2025-53521
Infosecurity Magazine
MEDIUMVulnerability

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.

CVE-2025-53521
Dark Reading
HIGHVulnerability

CISA KEV: F5 BIG-IP — F5 BIG-IP Unspecified Vulnerability

F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.

CVE-2025-53521F5 BIG-IP
CISA KEV

References (2)

https://my.f5.com/manage/s/article/K000156741Vendor Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521US Government Resource