F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-53521 is being actively exploited against F5 BIG-IP APM deployments, creating unauthenticated remote code execution risk for exposed systems. The flaw affects BIG-IP APM systems with an access policy configured on a virtual server, including Appliance mode. F5 says fixed releases are available, and CISA has added the CVE to its Known Exploited Vulnerabilities list. Organizations should prioritize patching because the weakness has already been abused in the wild.
Cases
Related Happenings
GC3 AI hackathons for government code remediation
Public Sector Action
H score28
First: 15.06.2026 12:30
Last: 15.06.2026 12:30
Sources 1
About this happening:
**GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...
GC3 AI hackathons for government code remediation
Public Sector ActionAbout this happening: **GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/Mitigation
H score57
First: 03.06.2026 18:36
Last: 03.06.2026 18:36
Sources 1
About this happening:
CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/MitigationAbout this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
H score39
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationAbout this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
H score38
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector ActionAbout this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
H score46
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation WaveAbout this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
Timeline
-
30.03.2026 10:07 2 articles · 3mo ago
CVE-2025-53521 exploited in F5 BIG-IP APM systems
Technical Analysis UpdateCVE-2025-53521 was publicly disclosed in October 2025 as a high-severity DoS flaw, then reclassified last week as an RCE issue after F5 determined that unauthenticated attackers can execute code on BIG-IP APM systems with an access policy on a virtual server, including Appliance mode. CISA later warned that threat actors were exploiting the vulnerability in the wild, added it to the Known Exploited Vulnerabilities catalog, and F5 published indicators of compromise plus fixed releases for affected BIG-IP APM versions.
Show sources
- F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild — www.securityweek.com — 30.03.2026 10:07
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks — www.bleepingcomputer.com — 02.04.2026 11:25