Traffic Management Issue in BIG-IP APM Access Policy by F5 Networks
CVE-2025-53521
What is CVE-2025-53521?
CVE-2025-53521 is a critical vulnerability found in the BIG-IP Access Policy Manager (APM) of F5 Networks. This vulnerability arises when a BIG-IP APM access policy is set up on a virtual server. It allows malicious traffic to exploit weaknesses in the configuration, leading to Remote Code Execution (RCE). Such exploitation enables attackers to run arbitrary code on affected systems, posing severe risks to organizations that rely on this application for secure access management. Given that BIG-IP APM is widely utilized in environments that manage sensitive data and handle user authentication, the realization of this vulnerability could lead to unauthorized control, significant data exposure, and disruption of critical services.
Potential impact of CVE-2025-53521
- Remote Code Execution: The most immediate and serious threat posed by this vulnerability is RCE. This allows attackers to gain unauthorized control over systems, making it possible for them to manipulate data, install malware, or disrupt operations.
- Data Breaches: Exploitation can lead to significant data exposure, including sensitive user credentials and corporate data. Such breaches not only compromise individual privacy but also can lead to regulatory penalties and damage to an organization's reputation.
- Service Disruption: Organizations relying on BIG-IP APM for secure access may experience service interruption. Exploitation may lead to downtime, impacting operations and user access, resulting in financial losses and reduced trust from customers and stakeholders.
CISA has reported CVE-2025-53521
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-53521 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
BIG-IP 17.5.0 < 17.5.1.3
BIG-IP 17.1.0 < 17.1.3
BIG-IP 16.1.0 < 16.1.6.1
News Articles
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.
1 week ago
Fortinet BIG-IP Vuln Reclassified as RCE, Under Exploitation
CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals the bug is much more dangerous.
2 weeks ago
F5 BIG-IP Vuln Reclassified as RCE, Under Exploitation
CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals the bug is much more dangerous.
2 weeks ago
EPSS Score
41% chance of being exploited in the next 30 days.
Timeline
- Vulnerability started trending
- Exploit known to exist
- First article discovered by The Hacker News
- CISA Reported
- Vulnerability published
- Vulnerability Reserved