F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
Vulnerability
Summary
CVE-2025-53521 is being actively exploited against F5 BIG-IP APM deployments, creating unauthenticated remote code execution risk for exposed systems. The flaw affects BIG-IP APM systems with an access policy configured on a virtual server, including Appliance mode. F5 says fixed releases are available, and CISA has added the CVE to its Known Exploited Vulnerabilities list. Organizations should prioritize patching because the weakness has already been abused in the wild.
Cases
Related Happenings
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
NGINX rewrite-rule workaround for CVE-2026-42945
Advisory/Mitigation
First: 14.05.2026 18:43
Last: 14.05.2026 18:43
Sources 1
About this happening:
**F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Timeline
30.03.2026 10:07 2 articles · 1mo ago
CVE-2025-53521 exploited in F5 BIG-IP APM systems
Technical Analysis Update
CVE-2025-53521 was publicly disclosed in October 2025 as a high-severity DoS flaw, then reclassified last week as an RCE issue after F5 determined that unauthenticated attackers can execute code on BIG-IP APM systems with an access policy on a virtual server, including Appliance mode. CISA later warned that threat actors were exploiting the vulnerability in the wild and added it to the Known Exploited Vulnerabilities catalog, and F5 published indicators of compromise plus fixed releases for affected BIG-IP APM versions.
Sources
- F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild — www.securityweek.com — 30.03.2026 10:07
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks — www.bleepingcomputer.com — 02.04.2026 11:25