securityaffairs.com 3/28/2026, 8:12:07 AM · via preferred

U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog
Developing story vulnerability 8 articles tracked
F5 BIG-IP APM vulnerability (CVE-2025-53521) reclassified as unauthenticated RCE
CyberSIXT Evidence Panel
Primary Source my.f5.com
CISA KEV Listed in KEV
Patch Patch Available

ACCORDING to The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a flaw in F5 BIG-IP AMP has been added to its Known Exploited Vulnerabilities catalog, tracked as CVE-2025-53521 with a CVSS v3.1 score of 9.8. The vulnerability in BIG-IP APM allows specially crafted malicious traffic to trigger Remote Code Execution when an access policy is enabled on a virtual server.

It was previously classified as a Denial-of-Service issue and has been reclassified as a critical Remote Code Execution flaw based on new findings in March 2026.

The advisory notes that the flaw has been exploited in vulnerable BIG-IP versions, and it quotes vendor guidance that “we have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions below.” F5 thanks Schuberg Philis, Bart Vrancken, Fox-IT, and the Dutch NCSC for their assistance in investigating the issue, as federal agencies are instructed to address the vulnerability by March 30, 2026 under Binding Operational Directive 22-01.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline