www.darkreading.com 3/30/2026, 8:16:07 PM · via preferred

Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

Developing story vulnerability 8 articles tracked
F5 BIG-IP APM vulnerability (CVE-2025-53521) reclassified as unauthenticated RCE
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

FORTINET has reclassified CVE-2025-53521 from a high-severity DoS flaw to a remote code execution vulnerability, with a 9.8 CVSS score, and it is currently under exploitation in the wild. The flaw was first disclosed on 15 October as a DoS bug affecting BIG-IP Access Policy Manager, but new information obtained in March 2026 led to the RCE categorisation, according to Fortinet's updated advisory.

Dark Reading notes that the US CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday, and Fortinet warns the flaw has been actively exploited. A threat actor can exploit the vulnerability by sending specific malicious traffic to virtual servers configured with BIG-IP AMP, which would grant RCE capabilities, with several BIG-IP AMP versions listed as vulnerable.

Fortinet urged customers to upgrade to a fixed version and cautioned that systems running in appliance mode remain susceptible, while Defused has published IoCs and related indicators of compromise for the exploitation activity.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline