Find notable cyber news and cases, enriched with sources, timelines, and signals.

F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)

Vulnerability
First reported
Last updated
Happening score
H score 84
2 unique sources, 2 articles

Summary

Hide ▲

CVE-2025-53521 is being actively exploited against F5 BIG-IP APM deployments, creating unauthenticated remote code execution risk for exposed systems. The flaw affects BIG-IP APM systems with an access policy configured on a virtual server, including Appliance mode. F5 says fixed releases are available, and CISA has added the CVE to its Known Exploited Vulnerabilities list. Organizations should prioritize patching because the weakness has already been abused in the wild.

Cases

Related Happenings

GC3 AI hackathons for government code remediation

Public Sector Action
H score28 First: 15.06.2026 12:30 Last: 15.06.2026 12:30 Sources 1

About this happening: **GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...

CISA KEV remediation for Android and Linux vulnerabilities

Advisory/Mitigation
H score57 First: 03.06.2026 18:36 Last: 03.06.2026 18:36 Sources 1

About this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
H score38 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
H score46 First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Timeline

  1. 30.03.2026 10:07 2 articles · 3mo ago

    CVE-2025-53521 exploited in F5 BIG-IP APM systems

    Technical Analysis Update

    CVE-2025-53521 was publicly disclosed in October 2025 as a high-severity DoS flaw, then reclassified last week as an RCE issue after F5 determined that unauthenticated attackers can execute code on BIG-IP APM systems with an access policy on a virtual server, including Appliance mode. CISA later warned that threat actors were exploiting the vulnerability in the wild, added it to the Known Exploited Vulnerabilities catalog, and F5 published indicators of compromise plus fixed releases for affected BIG-IP APM versions.

    Show sources